This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
The remote mail server has multiple vulnerabilities.
The version of Microsoft Exchange installed on the host is affected by
the following vulnerabilities :
- A code execution vulnerability exists that could allow
an attacker to execute arbitrary code in the context of
the OWA service account. (CVE-2013-1330)
- A cross-site scripting vulnerability exists in OWA in
which an attacker could elevate their privileges and run
a script in the context of the current user.
- Two code execution vulnerabilities exist in the WebReady
Document Viewing feature of Outlook Web Access. Code
execution is limited to the LocalService account. In
addition, a denial of service vulnerability exists in
the DLP feature of Exchange 2013. (CVE-2013-5763,
See also :
Microsoft has released a set of patches for Exchange 2007 SP3, 2010 SP2
and SP3, 2013 CU2 and CU3.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : true
Family: Windows : Microsoft Bulletins
Nessus Plugin ID: 71320 ()
Bugtraq ID: 62221630766374164085
CVE ID: CVE-2013-1330CVE-2013-5072CVE-2013-5763CVE-2013-5791
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.