Detections
Analytics

MS13-061: Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2876063)

medium Nessus Plugin ID 69326

Language:

Synopsis

The remote mail server has multiple vulnerabilities.

Description

The version of Microsoft Exchange installed on the remote host uses a version of the Oracle Outside In libraries, which are affected by the following vulnerabilities :

 - Two unspecified code execution vulnerabilities exist in the WebReady Document Viewing feature of Outlook Web Access. (CVE-2013-2393, CVE-2013-3776)

 - An unspecified denial of service vulnerability exists in the Data Loss Protection feature. This vulnerability only affects Exchange 2013. (CVE-2013-3781)

These vulnerabilities can be exploited when a user views a maliciously crafted file in Outlook Web Access in a browser.

Solution

Microsoft has released a set of patches for Exchange 2007 SP3, 2010 SP2 / SP3, and 2013 CU2 and CU3.

See Also

http://www.nessus.org/u?3b00e6f8

http://www.nessus.org/u?f2a3b072

http://www.nessus.org/u?2b287b00

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-061

Plugin Details

Severity: Medium

ID: 69326

File Name: smb_nt_ms13-061.nasl

Version: 1.12

Type: local

Agent: windows

Published: 8/14/2013

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:exchange_server

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 8/13/2013

Vulnerability Publication Date: 4/16/2013

Reference Information

CVE: CVE-2013-2393, CVE-2013-3776, CVE-2013-3781

BID: 59129, 61232, 61234

MSFT: MS13-061

MSKB: 2866475, 2873746, 2874216