The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Microsoft Exchange

computer vulnerability CVE-2017-11932

Microsoft Exchange Server: vulnerabilities of December 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Exchange.
Severity: 2/4.
Consequences: data reading, data creation/edition, disguisement.
Provenance: document.
Creation date: 13/12/2017.
Identifiers: CERTFR-2017-AVI-468, CVE-2017-11932, VIGILANCE-VUL-24755.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2017-11937 CVE-2017-11940

Microsoft Malware Protection Engine: code execution

Synthesis of the vulnerability

An attacker can use a vulnerability of Microsoft Malware Protection Engine, in order to run code.
Impacted products: Exchange, Forefront Endpoint Protection, System Center Endpoint Protection, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 07/12/2017.
Revision date: 08/12/2017.
Identifiers: CERTFR-2017-AVI-456, CVE-2017-11937, CVE-2017-11940, VIGILANCE-VUL-24683.

Description of the vulnerability

An attacker can use a vulnerability of Microsoft Malware Protection Engine, in order to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-11761 CVE-2017-8758

Microsoft Exchange Server: vulnerabilities of September 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Exchange.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 13/09/2017.
Identifiers: CERTFR-2017-AVI-297, CVE-2017-11761, CVE-2017-8758, VIGILANCE-VUL-23831.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2017-8559 CVE-2017-8560 CVE-2017-8621

Microsoft Exchange: vulnerabilities of July 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Exchange.
Impacted products: Exchange.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 12/07/2017.
Identifiers: CERTFR-2017-AVI-210, CVE-2017-8559, CVE-2017-8560, CVE-2017-8621, VIGILANCE-VUL-23204.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce 22477

Microsoft Exchange 2003: code execution

Synthesis of the vulnerability

An attacker can use a vulnerability of Microsoft Exchange 2003, in order to run code.
Impacted products: Exchange.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 18/04/2017.
Identifiers: VIGILANCE-VUL-22477.

Description of the vulnerability

An attacker can use a vulnerability of Microsoft Exchange 2003, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-0110

Microsoft Exchange: vulnerabilities of March 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Exchange.
Severity: 3/4.
Consequences: privileged access/rights.
Provenance: document.
Creation date: 14/03/2017.
Identifiers: 4013242, CVE-2017-0110, MS17-015, VIGILANCE-VUL-22127.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2015-6014 CVE-2016-0138 CVE-2016-3378

Microsoft Exchange: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Exchange.
Impacted products: Exchange.
Severity: 4/4.
Consequences: privileged access/rights, user access/rights, client access/rights, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 13/09/2016.
Identifiers: 3185883, CERTFR-2016-AVI-310, CVE-2015-6014, CVE-2016-0138, CVE-2016-3378, CVE-2016-3379, CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, CVE-2016-3596, MS16-108, VIGILANCE-VUL-20593.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Exchange.

An attacker can bypass security features via Email Parsing, in order to obtain sensitive information. [severity:2/4; CVE-2016-0138]

An attacker can deceive the user, in order to redirect him to a malicious site. [severity:1/4; CVE-2016-3378]

An attacker can trigger a Cross Site Scripting, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-3379]

An attacker can generate a memory corruption via Oracle Outside In Libraries, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-20165). [severity:4/4; CVE-2015-6014, CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, CVE-2016-3596]
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2015-6013 CVE-2015-6014 CVE-2015-6015

Microsoft Exchange: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Exchange.
Impacted products: Exchange.
Severity: 3/4.
Consequences: privileged access/rights, data reading, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 15/06/2016.
Identifiers: 3160339, CERTFR-2016-AVI-207, CVE-2015-6013, CVE-2015-6014, CVE-2015-6015, CVE-2016-0028, MS16-079, VIGILANCE-VUL-19892.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Exchange.

An attacker can track the activity of a user of "Outlook Web Access". [severity:3/4; CVE-2016-0028]

An attacker can generate a buffer overflow via the Microsoft variants of the libraries Oracle Outside In, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6013, CVE-2015-6014, CVE-2015-6015]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2015-4808 CVE-2015-6013 CVE-2015-6014

Oracle Outside In Technology: multiple vulnerabilities of January 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Outside In Technology.
Impacted products: GroupShield, McAfee Security for Email Servers, Exchange, Oracle OIT.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 20/01/2016.
Identifiers: cpujan2016, CVE-2015-4808, CVE-2015-6013, CVE-2015-6014, CVE-2015-6015, CVE-2016-0432, VIGILANCE-VUL-18759, VU#916896.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Outside In Technology.

An attacker can use a vulnerability of Filters, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4808]

An attacker can use a vulnerability of Filters, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-6013]

An attacker can use a vulnerability of Filters, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-6014]

An attacker can use a vulnerability of Filters, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-6015]

An attacker can use a vulnerability of Filters, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-0432]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-0029 CVE-2016-0030 CVE-2016-0031

Microsoft Exchange: four vulnerabilities of Spoofing

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Spoofing of Microsoft Exchange.
Impacted products: Exchange.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 12/01/2016.
Identifiers: 3124557, CERTFR-2016-AVI-015, CVE-2016-0029, CVE-2016-0030, CVE-2016-0031, CVE-2016-0032, MS16-010, VIGILANCE-VUL-18705.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Exchange Outlook Web Access.

An attacker can trigger a Cross Site Scripting in OWA, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-0029]

An attacker can trigger a Cross Site Scripting in OWA, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-0030]

An attacker can trigger a Cross Site Scripting in OWA, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-0031]

An attacker can trigger a Cross Site Scripting in OWA, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-0032]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Microsoft Exchange: