(MS14-075) Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3009712)
Schweregrad: : Alto
Identificador(es) CVE: : CVE-2014-6319
Data do informe: 10 dezembro 2014
Descrição
This security update resolves four privately reported vulnerabilities in Microsoft Exchange Server. The most severe of these vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes them to a targeted Outlook Web App site. An attacker would have no way to force users to visit a specially crafted website. Instead, an attacker would have to convince them to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website, and then convince them to click the specially crafted URL.
Exposição das informações
Software infectado e versão:
- Microsoft Exchange Server 2007 Service Pack 3
- Microsoft Exchange Server 2010 Service Pack 3
- Microsoft Exchange Server 2013 Service Pack 1
- Microsoft Exchange Server 2013 Cumulative Update 6