Microsoft Exchange Server Elevation Of Privilege Vulnerability (CVE-2015-1632)
Severity: CRITICAL
CVE Identifier: 2015-1632,MS15-026
DESCRIPTION
Elevation of privilege vulnerability exists when Microsoft Exchange Server does not properly sanitize page content in Outlook Web App. An attacker could exploit this vulnerability by modifying certain properties within Outlook Web App and then convincing users to browse to the targeted Outlook Web App site. An attacker who successfully exploited this vulnerability could run script in the context of the current user.
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1000552
Trend Micro Deep Security DPI Rule Name: 1000552 - Generic Cross Site Scripting(XSS) Prevention
AFFECTED SOFTWARE AND VERSION
- Microsoft Exchange Server