Lucene search
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day InitiativeZDI-23-1418HistorySep 12, 2023 - 12:00 a.m.
Microsoft Exchange ProjectInstance Deserialization of Untrusted Data Information Disclosure Vulnerability
2023-09-1200:00:00
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
5
microsoft exchange
deserialization
information disclosure
vulnerability
authentication
validation
user-supplied data
system
0.002 Low
EPSS
Percentile
53.5%
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the lack of protection against deserialization of the ProjectInstance class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM.
Related
cve
cve
CVE-2023-36777
2023-09-12 17:15:14
prion
prion
Information disclosure
2023-09-12 17:15:00
cvelist
cvelist
nvd
nvd
CVE-2023-36777
2023-09-12 17:15:14
mscve
mscve
Microsoft Exchange Server Information Disclosure Vulnerability
2023-09-12 07:00:00
zdi
zdi
nessus
nessus
Security Updates for Microsoft Exchange Server (September 2023)
2023-09-12 00:00:00
kaspersky
kaspersky
KLA60568 Multiple vulnerabilities in Microsoft Server Software
2023-09-12 00:00:00
mskb
mskb
qualysblog
qualysblog
Microsoft and Adobe Patch Tuesday, September 2023 Security Update Review
2023-09-12 19:20:31
rapid7blog
rapid7blog
Patch Tuesday - September 2023
2023-09-12 22:55:55