Lucene search
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day InitiativeZDI-23-1448HistorySep 19, 2023 - 12:00 a.m.
Microsoft Exchange SharedTypeResolver Deserialization of Untrusted Data Remote Code Execution Vulnerability
2023-09-1900:00:00
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
24
microsoft exchange
sharedtyperesolver
deserialization
untrusted data
remote code execution
vulnerability
authentication
validation
user-supplied data
system
0.001 Low
EPSS
Percentile
34.7%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the lack of protection against deserialization of the SharedTypeResolver class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM.
Related
cvelist
cvelist
CVE-2023-36745 Microsoft Exchange Server Remote Code Execution Vulnerability
2023-09-12 16:58:31
prion
prion
Remote code execution
2023-09-12 17:15:00
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Microsoft
2023-10-23 19:06:36
cve
cve
CVE-2023-36745
2023-09-12 17:15:10
nvd
nvd
CVE-2023-36745
2023-09-12 17:15:10
mscve
mscve
Microsoft Exchange Server Remote Code Execution Vulnerability
2023-09-12 07:00:00
cnvd
cnvd
kaspersky
kaspersky
KLA60568 Multiple vulnerabilities in Microsoft Server Software
2023-09-12 00:00:00
nessus
nessus
Security Updates for Microsoft Exchange Server (September 2023)
2023-09-12 00:00:00
talosblog
talosblog
mskb
mskb
qualysblog
qualysblog
Microsoft and Adobe Patch Tuesday, September 2023 Security Update Review
2023-09-12 19:20:31
avleonov
avleonov
rapid7blog
rapid7blog
Patch Tuesday - September 2023
2023-09-12 22:55:55