MS12-080: Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126)

This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.

Synopsis :

The remote mail server has multiple vulnerabilities.

Description :

The version of Microsoft Exchange installed on the remote host has the
following vulnerabilities :

- Multiple code execution vulnerabilities in the Oracle Outside In
libraries, used by the WebReady Document Viewing feature of
Outlook Web App (OWA). An attacker could exploit this by
sending a malicious email attachment to a user who views it in
OWA, resulting in arbitrary code execution as LocalService.
(CVE-2012-3214, CVE-2012-3217)

- A denial of service caused by Exchange improperly handling
RSS feeds. An attacker with a valid email account on the
Exchange server could create a specially crafted RSS feed,
which could cause the system to become unresponsive and
result in data corruption. (CVE-2012-4791)

See also :

Solution :

Microsoft has released a set of patches for Exchange 2007 and 2010.

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.0
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 63227 ()

Bugtraq ID: 55977

CVE ID: CVE-2012-3214

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now