Информационная безопасность
[RU] switch to English


Выполнение кода в Microsoft Exchange / FAST Search Server
Опубликовано:14 февраля 2013 г.
Источник:
SecurityVulns ID:12884
Тип:удаленная
Уровень опасности:
8/10
Описание:Выполнение кода при просмотре документа через Outlook Web Access / Advanced Filter Pack связанная с использованием технологии Oracle Outside In.
Затронутые продукты:MICROSOFT : Exchange 2007
 MICROSOFT : Exchange 2010
 MICROSOFT : FAST Search Server 2010
CVE:CVE-2013-0418 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393. NOTE: the previous information was obtained from the January 2013 CPU. Oracle has not commented on claims from an independent researcher that this is a heap-based buffer overflow in the Paradox database stream filter (vspdx.dll) that can be triggered using a table header with a crafted "number of fields" value.)
 CVE-2013-0393 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0418.)
 CVE-2012-3217 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK.)
 CVE-2012-3214 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
Файлы:Microsoft Security Bulletin MS13-012 - Critical Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2809279)
 Microsoft Security Bulletin MS13-013 - Important Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2784242)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород