English
Russian
Japanese
LatAm
Türkiye
Brasil
France
Český
Deutschland
KLA10591
Code injection in Microsoft Exchange Server
Обновлено: 24/01/2020
|
Дата обнаружения
|
10/03/2015 |
|
Уровень угрозы
|
Warning |
|
Описание
|
Multiple XSS vulnerabilities were found in Microsoft Exchange Server. By exploiting these vulnerabilities malicious users can inject arbitrary web script or spoof user interface. These vulnerabilities can be exploited remotely via a specially designed URL, msgParam or other unknown vectors. |
|
Пораженные продукты
|
Microsoft Exchange Server 2013 Service Pack 1 |
|
Решение
|
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel) |
|
Первичный источник обнаружения
|
CVE-2015-1629 CVE-2015-1628 CVE-2015-1631 CVE-2015-1630 CVE-2015-1632 |
|
Оказываемое влияние
?
|
CI
[?]
SUI
[?]
|
|
Связанные продукты
|
Microsoft Exchange Server |
|
CVE-IDS
|
CVE-2015-16294.3Warning
CVE-2015-16284.3Warning CVE-2015-16315.0Critical CVE-2015-16304.3Warning CVE-2015-16324.3Warning |
|
Microsoft official advisories
|
Microsoft Security Update Guide |
|
KB list
|
|