Microsoft Exchange Server Elevation Of Privilege Vulnerability (CVE-2015-1632)
Publish Date: 04 de listopada de 2016
Severity: : Critical
CVE Kennungen: : 2015-1632,MS15-026
DESCRIPTION
Elevation of privilege vulnerability exists when Microsoft Exchange Server does not properly sanitize page content in Outlook Web App. An attacker could exploit this vulnerability by modifying certain properties within Outlook Web App and then convincing users to browse to the targeted Outlook Web App site. An attacker who successfully exploited this vulnerability could run script in the context of the current user.
INFORMATION EXPOSURE
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1000552
Trend Micro Deep Security DPI Rule Name: 1000552 - Generic Cross Site Scripting(XSS) Prevention
AFFECTED SOFTWARE AND VERSION:
- Microsoft Exchange Server