Lucene search
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day InitiativeZDI-22-1604HistoryNov 21, 2022 - 12:00 a.m.
Microsoft Exchange SerializationTypeConverter Deserialization of Untrusted Data Information Disclosure Vulnerability
2022-11-2100:00:00
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
7
microsoft exchange
serializationtypeconverter
deserialization
untrusted data
information disclosure
0.045 Low
EPSS
Percentile
92.5%
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the SerializationTypeConverter class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM.
Related
nvd
nvd
CVE-2022-41079
2022-11-09 22:15:21
cnvd
cnvd
Microsoft Exchange Server Spoofing Vulnerability (CNVD-2023-72230)
2022-11-10 00:00:00
prion
prion
Spoofing
2022-11-09 22:15:00
cvelist
cvelist
CVE-2022-41079 Microsoft Exchange Server Spoofing Vulnerability
2022-11-09 00:00:00
cve
cve
CVE-2022-41079
2022-11-09 22:15:21
mscve
mscve
Microsoft Exchange Server Spoofing Vulnerability
2022-11-08 08:00:00
kaspersky
kaspersky
KLA20042 Multiple vulnerabilities in Microsoft Server Software
2022-11-08 00:00:00
mskb
mskb
nessus
nessus
Security Updates for Microsoft Exchange Server (Nov 2022)
2022-11-11 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - November 2022
2022-11-08 20:02:57