Microsoft Exchange Server Elevation Of Privilege Vulnerability (CVE-2015-1632)
Gravité: : Critique
Identifiant(s) CVE: : 2015-1632,MS15-026
Description
Elevation of privilege vulnerability exists when Microsoft Exchange Server does not properly sanitize page content in Outlook Web App. An attacker could exploit this vulnerability by modifying certain properties within Outlook Web App and then convincing users to browse to the targeted Outlook Web App site. An attacker who successfully exploited this vulnerability could run script in the context of the current user.
Information Exposure Rating:
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1000552
Trend Micro Deep Security DPI Rule Name: 1000552 - Generic Cross Site Scripting(XSS) Prevention
Affected software and version:
- Microsoft Exchange Server