Gravità: : Alto
  Identificatori CVE: CVE-2014-6319
  Data notifica: 10 dicembre 2014

  Descrizione

This security update resolves four privately reported vulnerabilities in Microsoft Exchange Server. The most severe of these vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes them to a targeted Outlook Web App site. An attacker would have no way to force users to visit a specially crafted website. Instead, an attacker would have to convince them to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website, and then convince them to click the specially crafted URL.

  Informazioni esposizione:

  Software e versione interessati:

  • Microsoft Exchange Server 2007 Service Pack 3
  • Microsoft Exchange Server 2010 Service Pack 3
  • Microsoft Exchange Server 2013 Service Pack 1
  • Microsoft Exchange Server 2013 Cumulative Update 6