MS16-079: Security Update for Microsoft Exchange Server (3160339)

Critical Nessus Plugin ID 91612


The remote Microsoft Exchange Server is affected by multiple vulnerabilities.


The remote Microsoft Exchange Server is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- Multiple stack buffer overflow conditions exist in the Oracle Outside In subcomponent due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these, via a crafted file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-6013, CVE-2015-6014, CVE-2015-6015)

- An email filter bypass flaw exists in the parsing of HTML messages. An unauthenticated, remote attacker can exploit this, via specially crafted URLs in OWA messages, to identify, fingerprint, and track a user online if the user views email using Outlook Web Access.


Microsoft has released a set of patches for Exchange Server 2007, 2010, 2013, and 2016.

See Also

Plugin Details

Severity: Critical

ID: 91612

File Name: smb_nt_ms16-079.nasl

Version: $Revision: 1.9 $

Type: local

Agent: windows

Published: 2016/06/15

Modified: 2017/07/12

Dependencies: 77910, 57033

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:exchange_server

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/06/14

Vulnerability Publication Date: 2016/01/19

Reference Information

CVE: CVE-2015-6013, CVE-2015-6014, CVE-2015-6015, CVE-2016-0028

BID: 81227, 81233, 81243, 91115

OSVDB: 133206, 133207, 138339

MSFT: MS16-079

MSKB: 3151086, 3151097, 3150501

CERT: 916896