This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote Microsoft Exchange Server is affected by multiple
The remote Microsoft Exchange Server is missing a security update. It
is, therefore, affected by multiple vulnerabilities :
- Multiple remote code execution vulnerabilities exist in
the Oracle Outside In libraries. An unauthenticated,
remote attacker can exploit these, via a specially
crafted email, to execute arbitrary code.
(CVE-2015-6014, CVE-2016-3575, CVE-2016-3581,
CVE-2016-3582, CVE-2016-3583, CVE-2016-3591,
CVE-2016-3592, CVE-2016-3593, CVE-2016-3594,
- An unspecified information disclosure vulnerability
exists in the Oracle Outside In libraries that allows an
attacker to disclose sensitive information.
- Multiple denial of service vulnerabilities exists in the
Oracle Outside In libraries. (CVE-2016-3576,
CVE-2016-3577, CVE-2016-3578, CVE-2016-3579,
- An information disclosure vulnerability exists due to
improper parsing of certain unstructured file formats.
An unauthenticated, remote attacker can exploit this,
via a crafted email using 'send as' rights, to disclose
confidential user information. (CVE-2016-0138)
- An open redirect vulnerability exists due to improper
handling of open redirect requests. An unauthenticated,
remote attacker can exploit this, by convincing a user
to click a specially crafted URL, to redirect the user
to a malicious website that spoofs a legitimate one.
- An elevation of privilege vulnerability exists due to
improper handling of meeting invitation requests. An
unauthenticated, remote attacker can exploit this, via a
specially crafted Outlook meeting invitation request,
to gain elevated privileges. (CVE-2016-3379)
See also :
Microsoft has released a set of patches for Exchange Server 2007,
2010, 2013, and 2016.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false
Family: Windows : Microsoft Bulletins
Nessus Plugin ID: 93467 ()
CVE ID: CVE-2015-6014
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now