Microsoft has reported multiple vulnerabilities in
Microsoft Exchange Server, which can be exploited by malicious people to cause
a DoS (Denial of Service) and compromise a vulnerable system.
The vulnerabilities exist in the bundled version of
Oracle Outside In Technology libraries.
Release Date: 2012-07-25
Severity: High
Impact
· DoS
· System access
Authentication level
Systems affected
· Microsoft Exchange Server 2007
· Microsoft Exchange Server 2010
CVE Reference(s)
CVE-2012-1766
CVE-2012-1767
CVE-2012-1768
CVE-2012-1769
CVE-2012-1770
CVE-2012-1771
CVE-2012-1772
CVE-2012-1773
CVE-2012-3106
CVE-2012-3107
CVE-2012-3108
CVE-2012-3109
CVE-2012-3110
Description
The vulnerabilities exist in the way that the Oracle
Outside In libraries parse specially crafted files.
An attacker who successfully exploited these
vulnerabilities could run arbitrary code under the process that is performing
the parsing of these specially crafted files to a site that is using FAST Search
to index. When the FAST Search index parses the specially crafted file,
arbitrary code is run in the context of a user with a restricted token.
Solution
Apply workarounds at
http://technet.microsoft.com/en-us/security/advisory/2737111
Original Advisory
Microsoft:
http://technet.microsoft.com/en-us/security/advisory/2737111
NOTE: The information is provided on an “as is” basis, without
assurance of any kind.