This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
The remote mail server has multiple vulnerabilities.
The version of Microsoft Exchange installed on the remote host uses a
version of the Oracle Outside In libraries, which are affected by the
following vulnerabilities :
- Two unspecified code execution vulnerabilities exist in
the WebReady Document Viewing feature of Outlook Web
Access. (CVE-2013-2393, CVE-2013-3776)
- An unspecified denial of service vulnerability exists in
the Data Loss Protection feature. This vulnerability
only affects Exchange 2013. (CVE-2013-3781)
These vulnerabilities can be exploited when a user views a maliciously
crafted file in Outlook Web Access in a browser.
See also :
Microsoft has released a set of patches for Exchange 2007 SP3, 2010 SP2
/ SP3, and 2013 CU2 and CU3.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.0
Public Exploit Available : false
Family: Windows : Microsoft Bulletins
Nessus Plugin ID: 69326 ()
Bugtraq ID: 591296123261234
CVE ID: CVE-2013-2393CVE-2013-3776CVE-2013-3781
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.