logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2018-8302

Description

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka “Microsoft Exchange Memory Corruption Vulnerability.” This affects Microsoft Exchange Server. **Recent assessments:** **zeroSteiner** at March 20, 2020 1:04pm UTC reported: A .NET deserialization vulnerability exists within Exchange when configured with Unified Messaging (UM). An attacker needs to be able to authenticate as an Exchange user with a configured UM voice mailbox. After doing so they utilize Exchange Web Services (EWS) to upload a malicious payload before calling the target user to leave a voice mail resulting in code execution. The target user does _not_ need to listen to the voice mail in order for the payload to be executed. Assessed Attacker Value: 5 Assessed Attacker Value: 5Assessed Attacker Value: 4


Related