Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Microsoft warns of critical Oracle code bugs in Exchange

From: InfoSec News <alerts () infosecnews org>
Date: Wed, 1 Aug 2012 04:14:50 -0500 (CDT)
https://www.computerworld.com/s/article/9229816/Microsoft_warns_of_critical_Oracle_code_bugs_in_Exchange

By Gregg Keizer
Computerworld
July 31, 2012
Microsoft last week warned IT administrators that critical vulnerabilities in code licensed from Oracle could give attackers access to Exchange Server 2007 and Exchange Server 2010 systems.
Oracle patched the vulnerabilities in its "Oracle Outside In" code libraries as part of a massive update on July 17 that fixed nearly 90 flaws in its database software.
Exchange, as well as Microsoft's FAST Search Server 2010 for SharePoint, use the Oracle Outside In libraries to display file attachments in a browser rather than to open them in a locally-stored application, like Microsoft Word. The vulnerabilities are within the code that parses those attachments.
"An attacker who successfully exploited these vulnerabilities could run arbitrary code under the process that is performing the parsing of the specially crafted files," said Microsoft in the security advisory it issued a week ago. 

[...]


--
Learn how to be a Pen Tester, CISSP, ISSMP, or ISSAP with Expanding Security online.
Come to a free class and see how good and fun the program really is.
http://www.expandingsecurity.com/PainPill
Previous By Date Next
Previous By Thread Next

Current thread: