This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
The remote mail server has multiple vulnerabilities.
The version of Microsoft Exchange installed on the remote host has the
following vulnerabilities :
- Multiple code execution vulnerabilities in the Oracle Outside In
libraries, used by the WebReady Document Viewing feature of
Outlook Web App (OWA). An attacker could exploit this by
sending a malicious email attachment to a user who views it in
OWA, resulting in arbitrary code execution as LocalService.
- A denial of service caused by Exchange improperly handling
RSS feeds. An attacker with a valid email account on the
Exchange server could create a specially crafted RSS feed,
which could cause the system to become unresponsive and
result in data corruption. (CVE-2012-4791)
See also :
Microsoft has released a set of patches for Exchange 2007 and 2010.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.0
Public Exploit Available : false