Summary
This host is missing a critical security update according to Microsoft Bulletin MS12-058.
Impact
Successful exploitation could allow an attacker to run arbitrary code as LocalService on the affected Exchange server.
Impact Level: Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link,
Insight
The flaws are caused when WebReady Document Viewer is used to preview a specially crafted file.
Affected
Microsoft Exchange Server 2007 Service Pack 3
Microsoft Exchange Server 2010 Service Pack 1
Microsoft Exchange Server 2010 Service Pack 2
References
Severity
Classification
-
CVE CVE-2012-1766, CVE-2012-1767, CVE-2012-1768, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, CVE-2012-3109, CVE-2012-3110. -
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- MS Exchange Server WebReady Document Viewing Remote Code Execution Vulnerabilities (2740358)
- Microsoft Windows Group Policy Security Feature Bypass Vulnerability (3004361)
- MS Exchange Server Remote Code Execution Vulnerabilities (2784126)
- Microsoft FAST Search Server 2010 for SharePoint RCE Vulnerabilities (2742321)
- Microsoft Windows ASP.NET Denial of Service Vulnerability(970957)