Lucene search
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day InitiativeZDI-23-1419HistorySep 12, 2023 - 12:00 a.m.
Microsoft Exchange ApprovedApplicationCollection Deserialization of Untrusted Data Remote Code Execution Vulnerability
2023-09-1200:00:00
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
8
microsoft exchange
deserialization vulnerability
remote code execution
authentication
untrusted data
0.001 Low
EPSS
Percentile
28.6%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the lack of protection against deserialization of the ApprovedApplicationCollection class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
Related
nvd
nvd
CVE-2023-36756
2023-09-12 17:15:10
cnvd
cnvd
mscve
mscve
Microsoft Exchange Server Remote Code Execution Vulnerability
2023-09-12 07:00:00
cvelist
cvelist
CVE-2023-36756 Microsoft Exchange Server Remote Code Execution Vulnerability
2023-09-12 16:58:31
prion
prion
Remote code execution
2023-09-12 17:15:00
cve
cve
CVE-2023-36756
2023-09-12 17:15:10
kaspersky
kaspersky
KLA60568 Multiple vulnerabilities in Microsoft Server Software
2023-09-12 00:00:00
nessus
nessus
Security Updates for Microsoft Exchange Server (September 2023)
2023-09-12 00:00:00
talosblog
talosblog
mskb
mskb
qualysblog
qualysblog
Microsoft and Adobe Patch Tuesday, September 2023 Security Update Review
2023-09-12 19:20:31
avleonov
avleonov
rapid7blog
rapid7blog
Patch Tuesday - September 2023
2023-09-12 22:55:55