Vigil@nce - Microsoft Exchange 2013: five vulnerabilities
March 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Microsoft Exchange
2013.
Impacted products: Exchange
Severity: 2/4
Creation date: 10/03/2015
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Microsoft Exchange 2013.
An attacker can trigger a Cross Site Scripting in OWA, in order to
execute JavaScript code in the context of the web site.
[severity:2/4; CVE-2015-1628]
An attacker can trigger a Cross Site Scripting in OWA, in order to
execute JavaScript code in the context of the web site.
[severity:2/4; CVE-2015-1629]
An attacker can trigger a Cross Site Scripting in OWA, in order to
execute JavaScript code in the context of the web site.
[severity:2/4; CVE-2015-1630]
An attacker can trigger a Cross Site Scripting in OWA, in order to
execute JavaScript code in the context of the web site.
[severity:2/4; CVE-2015-1632]
An attacker can spoof the identity of a meeting organizer.
[severity:2/4; CVE-2015-1631]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Microsoft-Exchange-2013-five-vulnerabilities-16370