MS12-058: Vulnerabilities in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution (2740358)
Medium Nessus Plugin ID 61533
The remote mail server has multiple code execution vulnerabilities.
The version of Microsoft Exchange running on the remote host is using a vulnerable set of the Oracle Outside In libraries. These libraries are used by the WebReady Document Viewing feature to display certain kinds of attachments viewed via Outlook Web App (OWA). An attacker could exploit this by sending a malicious email attachment to a user who views it in OWA, resulting in arbitrary code execution as LocalService.
Microsoft has released a set of patches for Exchange 2007 and 2010.