Trend Micro Security

MS13-105:Microsoft Exchange Server の脆弱性により、リモートでコードが実行される (2915705)

  危険度: : 緊急
  CVE識別番号: CVE-2013-1330

  概要

This security update resolves three publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft Exchange Server. The most severe of these vulnerabilities exist in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server. These vulnerabilities could allow remote code execution in the security context of the LocalService account if an attacker sends an email message containing a specially crafted file to a user on an affected Exchange server. The LocalService account has minimum privileges on the local system and presents anonymous credentials on the network.

  トレンドマイクロの対策

詳しい情報については以下のサイトをご参照ください。

  対応方法

  影響を受けるソフトウェア

  • Microsoft Exchange Server 2007 Service Pack 3
  • Microsoft Exchange Server 2010 Service Pack 2
  • Microsoft Exchange Server 2010 Service Pack 3
  • Microsoft Exchange Server 2013 Cumulative Update 2