Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution |
Informations | |||
---|---|---|---|
Name | KB2737111 | First vendor Publication | 2012-07-24 |
Vendor | Microsoft | Last vendor Modification | 2012-10-09 |
Severity (Vendor) | N/A | Revision | 3.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft has completed the investigation into public reports of vulnerabilities in third-party code, Oracle Outside In libraries, that affect Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, and FAST Search Server 2010 for SharePoint, which ship that component. For more information about this issue, see the following references: Microsoft has released the following security updates to address this issue: |
Original Source
Url : http://www.microsoft.com/technet/security/advisory/2737111.mspx |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14834 | |||
Oval ID: | oval:org.mitre.oval:def:14834 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - XII | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3109 | Version: | 6 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14882 | |||
Oval ID: | oval:org.mitre.oval:def:14882 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - V | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1770 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15275 | |||
Oval ID: | oval:org.mitre.oval:def:15275 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - III | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1768 | Version: | 6 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15323 | |||
Oval ID: | oval:org.mitre.oval:def:15323 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - VII | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1772 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15568 | |||
Oval ID: | oval:org.mitre.oval:def:15568 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - VIII | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1773 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15608 | |||
Oval ID: | oval:org.mitre.oval:def:15608 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - IX | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3106 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15648 | |||
Oval ID: | oval:org.mitre.oval:def:15648 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - X | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3107 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15668 | |||
Oval ID: | oval:org.mitre.oval:def:15668 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - VI | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1771 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15721 | |||
Oval ID: | oval:org.mitre.oval:def:15721 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - IV | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1769 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15724 | |||
Oval ID: | oval:org.mitre.oval:def:15724 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - I | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1766 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15747 | |||
Oval ID: | oval:org.mitre.oval:def:15747 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - XIII | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3110 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15804 | |||
Oval ID: | oval:org.mitre.oval:def:15804 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - XI | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3108 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15812 | |||
Oval ID: | oval:org.mitre.oval:def:15812 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - II | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1767 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 |
OpenVAS Exploits
Date | Description |
---|---|
2012-10-10 | Name : Microsoft FAST Search Server 2010 for SharePoint RCE Vulnerabilities (2742321) File : nvt/secpod_ms12-067.nasl |
2012-08-15 | Name : MS Exchange Server WebReady Document Viewing Remote Code Execution Vulnerabil... File : nvt/secpod_ms12-058.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2017-08-15 | Oracle Outside-In JPEG2000 QCD segment processing heap buffer overflow attempt RuleID : 43560 - Revision : 1 - Type : FILE-OTHER |
2014-01-10 | Oracle Outside-In JPEG2000 QCD segment processing heap buffer overflow attempt RuleID : 23806 - Revision : 10 - Type : FILE-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-10-10 | Name : The remote Windows host is affected by multiple code execution vulnerabilities. File : smb_nt_ms12-067.nasl - Type : ACT_GATHER_INFO |
2012-10-09 | Name : An archiving application installed on the remote host has multiple vulnerabil... File : symantec_enterprise_vault_sym12-015.nasl - Type : ACT_GATHER_INFO |
2012-09-24 | Name : The remote Windows host has an application that is affected by a buffer overf... File : groupwise_ia_803_hp1.nasl - Type : ACT_GATHER_INFO |
2012-08-15 | Name : The remote mail server has multiple code execution vulnerabilities. File : smb_nt_ms12-058.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:38:40 |
|
2013-12-14 21:19:30 |
|