Описание
Microsoft Exchange Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that Microsoft Outlook handles meeting invitation requests.
To exploit the vulnerability, an attacker could send a specially crafted Outlook meeting invitation request with malicious cross-site scripting (XSS) capability to a user.
The update addresses the vulnerability by correcting how Outlook handles meeting invitation requests.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Exchange Server 2016 Cumulative Update 1 | ||
| Microsoft Exchange Server 2016 Cumulative Update 2 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, aka "Microsoft Exchange Elevation of Privilege Vulnerability."
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, aka "Microsoft Exchange Elevation of Privilege Vulnerability."
EPSS