Lucene search
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day InitiativeZDI-23-1447HistorySep 19, 2023 - 12:00 a.m.
Microsoft Exchange ExFileLog Deserialization of Untrusted Data Denial-of-Service Vulnerability
2023-09-1900:00:00
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
8
microsoft exchange
exfilelog
deserialization
untrusted data
denial-of-service
0.003 Low
EPSS
Percentile
71.8%
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the lack of protection against deserialization of the ExFileLog class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
Related
cnvd
cnvd
Microsoft Exchange Server Spoofing Vulnerability (CNVD-2023-72226)
2023-09-15 00:00:00
nvd
nvd
CVE-2023-36757
2023-09-12 17:15:11
prion
prion
Spoofing
2023-09-12 17:15:00
mscve
mscve
Microsoft Exchange Server Spoofing Vulnerability
2023-09-12 07:00:00
cve
cve
CVE-2023-36757
2023-09-12 17:15:11
cvelist
cvelist
CVE-2023-36757 Microsoft Exchange Server Spoofing Vulnerability
2023-09-12 16:58:30
kaspersky
kaspersky
KLA60568 Multiple vulnerabilities in Microsoft Server Software
2023-09-12 00:00:00
nessus
nessus
Security Updates for Microsoft Exchange Server (September 2023)
2023-09-12 00:00:00
mskb
mskb
rapid7blog
rapid7blog
Patch Tuesday - September 2023
2023-09-12 22:55:55