JVN#07497769: Oracle Outside In vulnerable to buffer overflow
2013-07-17T00:00:00
ID JVN:07497769 Type jvn Reporter Japan Vulnerability Notes Modified 2013-07-17T00:00:00
Description
## Description
Oracle Outside In is a library to decode over 500 file types. Oracle Outside In contains a buffer overflow vulnerability.
## Impact
When Oracle Outside In processes a specially crafted Ichitaro Word Processor file, arbitrary code may be executed.
## Solution
Apply an update
Update to the latest version according to the information provided by the developer.
## Products Affected
Oracle Outside In 8.3.7 and earlier
{"id": "JVN:07497769", "bulletinFamily": "info", "title": "JVN#07497769: Oracle Outside In vulnerable to buffer overflow", "description": "\n ## Description\n\nOracle Outside In is a library to decode over 500 file types. Oracle Outside In contains a buffer overflow vulnerability.\n\n ## Impact\n\nWhen Oracle Outside In processes a specially crafted Ichitaro Word Processor file, arbitrary code may be executed.\n\n ## Solution\n\n**Apply an update** \nUpdate to the latest version according to the information provided by the developer. \n\n\n ## Products Affected\n\n * Oracle Outside In 8.3.7 and earlier \n\n", "published": "2013-07-17T00:00:00", "modified": "2013-07-17T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "http://jvn.jp/en/jp/JVN07497769/index.html", "reporter": "Japan Vulnerability Notes", "references": [], "cvelist": ["CVE-2013-3781"], "type": "jvn", "lastseen": "2019-05-29T17:21:43", "edition": 4, "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-3781"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13214", "SECURITYVULNS:VULN:13252"]}, {"type": "nessus", "idList": ["SMB_NT_MS13-061.NASL"]}, {"type": "mskb", "idList": ["KB2876063"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310902992", "OPENVAS:902992"]}, {"type": "oracle", "idList": ["ORACLE:CPUJULY2013-1899826"]}], "modified": "2019-05-29T17:21:43", "rev": 2}, "score": {"value": 7.6, "vector": "NONE", "modified": "2019-05-29T17:21:43", "rev": 2}, "vulnersScore": 7.6}, "scheme": null}
{"cve": [{"lastseen": "2020-10-03T12:46:03", "description": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-3776.\nPer: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html\r\n\r\n'Outside In Technology is a suite of \r\nsoftware development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8.'", "edition": 3, "cvss3": {}, "published": "2013-07-17T13:41:00", "title": "CVE-2013-3781", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-3781"], "modified": "2018-10-12T22:04:00", "cpe": ["cpe:/a:oracle:fusion_middleware:8.4", "cpe:/a:oracle:fusion_middleware:8.4.1", "cpe:/a:oracle:fusion_middleware:8.3.7.0"], "id": "CVE-2013-3781", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3781", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:oracle:fusion_middleware:8.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:fusion_middleware:8.3.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:fusion_middleware:8.4:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-02T21:11:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2393", "CVE-2013-3776", "CVE-2013-3781"], "description": "This host is missing a critical security update according to\nMicrosoft Bulletin MS13-061.", "modified": "2017-02-18T00:00:00", "published": "2013-08-14T00:00:00", "id": "OPENVAS:902992", "href": "http://plugins.openvas.org/nasl.php?oid=902992", "type": "openvas", "title": "MS Exchange Server Remote Code Execution Vulnerabilities (2876063)", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms13-061.nasl 5339 2017-02-18 16:28:22Z cfi $\n#\n# MS Exchange Server Remote Code Execution Vulnerabilities (2876063)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_id(902992);\n script_version(\"$Revision: 5339 $\");\n script_cve_id(\"CVE-2013-2393\", \"CVE-2013-3776\", \"CVE-2013-3781\");\n script_bugtraq_id(59129, 61234, 61232);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-18 17:28:22 +0100 (Sat, 18 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-14 13:28:33 +0530 (Wed, 14 Aug 2013)\");\n script_name(\"MS Exchange Server Remote Code Execution Vulnerabilities (2876063)\");\n\n tag_summary =\n\"This host is missing a critical security update according to\nMicrosoft Bulletin MS13-061.\";\n\n tag_vuldetect =\n\"Get the vulnerable file version and check appropriate patch is applied\nor not.\";\n\n tag_insight =\n\"The flaws exist in the WebReady Document Viewing and Data Loss Prevention\nfeatures of Microsoft Exchange Server.\";\n\n tag_impact =\n\"Successful exploitation could allow an attacker to cause a denial of service\ncondition or run arbitrary code as LocalService on the affected Exchange\nserver.\n\nImpact Level: System\";\n\n tag_affected =\n\"Microsoft Exchange Server 2007 Service Pack 3\nMicrosoft Exchange Server 2010 Service Pack 2\nMicrosoft Exchange Server 2010 Service Pack 3\";\n\n tag_solution =\n\"Run Windows Update and update the listed hotfixes or download and update\nmentioned hotfixes in the advisory from the below link,\nhttps://technet.microsoft.com/en-us/security/bulletin/ms13-061\";\n\n\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/54392\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2873746\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2874216\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2866475\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2874216\");\n script_xref(name : \"URL\" , value : \"https://technet.microsoft.com/en-us/security/bulletin/ms13-061\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n## Variables Initialization\nkey = \"\";\nversion = \"\";\nexeVer = \"\";\nexchangePath = \"\";\n\n\n## Confirm the application\nif(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\Exchange\") &&\n !registry_key_exists(key:\"SOFTWARE\\Microsoft\\ExchangeServer\")){\n exit(0);\n}\n\nkey = \"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\";\n\nforeach version (make_list(\"Microsoft Exchange v14\", \"Microsoft Exchange\", \"Microsoft Exchange v15\"))\n{\n exchangePath = registry_get_sz(key: key + version, item:\"InstallLocation\");\n\n if(exchangePath)\n {\n ## Get Version from ExSetup.exe file version\n exeVer = fetch_file_version(sysPath:exchangePath,\n file_name:\"Bin\\ExSetup.exe\");\n\n if(exeVer)\n {\n ## Exchange Server 2007 Service Pack 3 (08.03.0327.001)\n ## Exchange Server 2010 Service Pack 2 (14.02.0375.000)\n ## Exchange Server 2010 Service Pack 3 (14.03.0158.001)\n ## Security Update For Exchange Server 2013 CU2 (KB2874216) (15.00.0712.028)\n ## Security Update For Exchange Server 2013 CU1 (KB2874216) (15.00.0620.034)\n if(version_is_less(version:exeVer, test_version:\"8.3.327.1\") ||\n version_in_range(version:exeVer, test_version:\"14.2\", test_version2:\"14.2.374\") ||\n version_in_range(version:exeVer, test_version:\"14.3\", test_version2:\"14.3.158\") ||\n version_in_range(version:exeVer, test_version:\"15.0.600\", test_version2:\"15.0.620.33\") ||\n version_in_range(version:exeVer, test_version:\"15.0.700\", test_version2:\"15.0.712.27\"))\n {\n security_message(0);\n exit(0);\n }\n }\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-01-08T14:02:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2393", "CVE-2013-3776", "CVE-2013-3781"], "description": "This host is missing a critical security update according to\nMicrosoft Bulletin MS13-061.", "modified": "2019-12-20T00:00:00", "published": "2013-08-14T00:00:00", "id": "OPENVAS:1361412562310902992", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902992", "type": "openvas", "title": "MS Exchange Server Remote Code Execution Vulnerabilities (2876063)", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# MS Exchange Server Remote Code Execution Vulnerabilities (2876063)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902992\");\n script_version(\"2019-12-20T12:48:41+0000\");\n script_cve_id(\"CVE-2013-2393\", \"CVE-2013-3776\", \"CVE-2013-3781\");\n script_bugtraq_id(59129, 61234, 61232);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 12:48:41 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-08-14 13:28:33 +0530 (Wed, 14 Aug 2013)\");\n script_name(\"MS Exchange Server Remote Code Execution Vulnerabilities (2876063)\");\n\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security update according to\nMicrosoft Bulletin MS13-061.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n script_tag(name:\"insight\", value:\"The flaws exist in the WebReady Document Viewing and Data Loss Prevention\nfeatures of Microsoft Exchange Server.\");\n script_tag(name:\"affected\", value:\"- Microsoft Exchange Server 2007 Service Pack 3\n\n - Microsoft Exchange Server 2010 Service Pack 2\n\n - Microsoft Exchange Server 2010 Service Pack 3\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow an attacker to cause a denial of service\ncondition or run arbitrary code as LocalService on the affected Exchange\nserver.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2873746\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2874216\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2866475\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2874216\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/security/bulletin/ms13-061\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n\nif(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\Exchange\") &&\n !registry_key_exists(key:\"SOFTWARE\\Microsoft\\ExchangeServer\")){\n exit(0);\n}\n\nkey = \"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\";\n\nforeach version (make_list(\"Microsoft Exchange v14\", \"Microsoft Exchange\", \"Microsoft Exchange v15\"))\n{\n exchangePath = registry_get_sz(key: key + version, item:\"InstallLocation\");\n\n if(exchangePath)\n {\n exeVer = fetch_file_version(sysPath:exchangePath,\n file_name:\"Bin\\ExSetup.exe\");\n\n if(exeVer)\n {\n ## Exchange Server 2007 Service Pack 3 (08.03.0327.001)\n ## Exchange Server 2010 Service Pack 2 (14.02.0375.000)\n ## Exchange Server 2010 Service Pack 3 (14.03.0158.001)\n ## Security Update For Exchange Server 2013 CU2 (KB2874216) (15.00.0712.028)\n ## Security Update For Exchange Server 2013 CU1 (KB2874216) (15.00.0620.034)\n if(version_is_less(version:exeVer, test_version:\"8.3.327.1\") ||\n version_in_range(version:exeVer, test_version:\"14.2\", test_version2:\"14.2.374\") ||\n version_in_range(version:exeVer, test_version:\"14.3\", test_version2:\"14.3.158\") ||\n version_in_range(version:exeVer, test_version:\"15.0.600\", test_version2:\"15.0.620.33\") ||\n version_in_range(version:exeVer, test_version:\"15.0.700\", test_version2:\"15.0.712.27\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:52", "bulletinFamily": "software", "cvelist": ["CVE-2013-2393", "CVE-2013-3776", "CVE-2013-3781"], "description": "Outlook Web Access vulnerabilities because of vulnerable Oracle Outside In libraries.", "edition": 1, "modified": "2013-08-14T00:00:00", "published": "2013-08-14T00:00:00", "id": "SECURITYVULNS:VULN:13252", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13252", "title": "Microsoft Exchange Oracle libraries security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:52", "bulletinFamily": "software", "cvelist": ["CVE-2013-3769", "CVE-2013-3824", "CVE-2013-3774", "CVE-2013-3749", "CVE-2013-3819", "CVE-2013-3778", "CVE-2013-3788", "CVE-2013-3809", "CVE-2013-3818", "CVE-2013-3799", "CVE-2010-0434", "CVE-2010-0425", "CVE-2013-3783", "CVE-2013-3791", "CVE-2013-3768", "CVE-2013-3807", "CVE-2013-3823", "CVE-2013-3755", "CVE-2013-3753", "CVE-2011-0419", "CVE-2013-3786", "CVE-2008-2364", "CVE-2013-3771", "CVE-2013-3782", "CVE-2013-3760", "CVE-2012-2687", "CVE-2013-3756", "CVE-2013-3789", "CVE-2013-3767", "CVE-2013-3811", "CVE-2013-3776", "CVE-2013-3746", "CVE-2013-3777", "CVE-2013-3750", "CVE-2013-3770", "CVE-2013-3772", "CVE-2013-3757", "CVE-2013-3787", "CVE-2013-3808", "CVE-2013-1861", "CVE-2013-3813", "CVE-2013-3775", "CVE-2013-3800", "CVE-2013-3765", "CVE-2013-3784", "CVE-2013-3759", "CVE-2013-3803", "CVE-2013-2461", "CVE-2013-3806", "CVE-2013-3745", "CVE-2013-3780", "CVE-2006-5752", "CVE-2013-3794", "CVE-2013-3758", "CVE-2010-2068", "CVE-2013-3816", "CVE-2013-3763", "CVE-2013-3810", "CVE-2013-3754", "CVE-2007-3847", "CVE-2013-3748", "CVE-2013-0398", "CVE-2013-3751", "CVE-2007-6388", "CVE-2013-3752", "CVE-2013-3764", "CVE-2013-3773", "CVE-2013-3812", "CVE-2007-5000", "CVE-2013-3781", "CVE-2013-3805", "CVE-2005-3352", "CVE-2013-3795", "CVE-2013-3820", "CVE-2013-3821", "CVE-2013-3822", "CVE-2013-3761", "CVE-2013-3804", "CVE-2011-3348", "CVE-2013-3779", "CVE-2013-3825", "CVE-2013-3797", "CVE-2013-3802", "CVE-2013-3790", "CVE-2013-3796", "CVE-2013-3793", "CVE-2013-3747", "CVE-2013-3798", "CVE-2013-3801"], "description": "Quarterly CPU fixes 89 dufferent vulnerabilities.", "edition": 1, "modified": "2013-08-12T00:00:00", "published": "2013-08-12T00:00:00", "id": "SECURITYVULNS:VULN:13214", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13214", "title": "Oracle / Sun / MySQL / PeopleSoft applications multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "mskb": [{"lastseen": "2021-01-01T22:46:35", "bulletinFamily": "microsoft", "cvelist": ["CVE-2013-2393", "CVE-2013-3776", "CVE-2013-3781"], "description": "<html><body><p>Resolves vulnerabilities in Microsoft Exchange Server that could allow remote code execution if a user on an affected Exchange server views a specially crafted file in an email attachment.</p><h2>INTRODUCTION</h2><div class=\"kb-summary-section section\">Microsoft has released security bulletin MS13-061. To view the complete security bulletin, go to one of the following Microsoft websites: <ul class=\"sbody-free_list\"><li>Home users:<br/><div class=\"indent\"><a href=\"http://www.microsoft.com/security/pc-security/updates.aspx\" id=\"kb-link-1\" target=\"_self\">http://www.microsoft.com/security/pc-security/updates.aspx</a></div><span class=\"text-base\">Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now: <div class=\"indent\"><a href=\"http://update.microsoft.com/microsoftupdate/\" id=\"kb-link-2\" target=\"_self\">http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br/><div class=\"indent\"><a href=\"http://technet.microsoft.com/security/bulletin/ms13-061\" id=\"kb-link-3\" target=\"_self\">http://technet.microsoft.com/security/bulletin/MS13-061</a></div></li></ul><h3 class=\"sbody-h3\">How to obtain help and support for this security update</h3>Help installing updates:\u00a0<a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-4\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <br/><a href=\"http://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-5\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your computer Windows-based computer from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-6\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <br/><a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-7\" target=\"_self\">International Support</a><br/><br/></div><h2>More Information</h2><div><h3 class=\"sbody-h3\">More information about this security update</h3>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link.<ul class=\"sbody-free_list\"><li><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/2866475\" id=\"kb-link-8\">2866475 </a> Description of Update Rollup 2 for Exchange Server 2010 Service Pack 3</div></li><li><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/2873746\" id=\"kb-link-9\">2873746 </a> Update Rollup 11 for Exchange Server 2007 SP3 is available</div></li><li><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/2874216\" id=\"kb-link-10\">2874216 </a>\u00a0Security issue that is described in Security Bulletin MS13-061 is resolved by an Exchange Server update</div><span class=\"text-base\">Known issues in update 2874216</span><br/><br/><span class=\"text-base\">Note </span>The following known issue is resolved with the re-release of the package that was issued on August 27.<ul class=\"sbody-free_list\"><li>Microsoft is aware of problems with update 2874216 that affect Exchange Server 2013. The issue could cause Exchange Server to stop indexing mail on servers. Microsoft has removed the update from Windows Update and the Download Center.\u00a0</li></ul></li></ul></div><h2></h2><div class=\"kb-moreinformation-section section\"> <br/><br/> For more information, click the following article number to view the article in the Microsoft Knowledge Base:<br/><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/2879739\" id=\"kb-link-11\">2879739 </a>\u00a0Security fix MS13-061 breaks content index on Exchange Server 2013</div></div><h2></h2><div class=\"kb-summary-section section\"><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">File hash information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">SHA1 hash</th><th class=\"sbody-th\">SHA256 hash</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2007-KB2873746-x64-DE.msp</td><td class=\"sbody-td\">C46B9298D04F63AE6CCC93600943D3DB5970D2EF</td><td class=\"sbody-td\">AC9702743BB7BAD9C43ECD703E00C264EB623B2B7D914CB2F5720E5D8E22728D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2007-KB2873746-x64-EN.msp</td><td class=\"sbody-td\">5A3713C81E037014340C0F5E74BF176A9468576E</td><td class=\"sbody-td\">2BC62954D341D056445EFA3FC9FAAAF576A897D2562BC57793AC1A8251C1A162</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2007-KB2873746-x64-ES.msp</td><td class=\"sbody-td\">1C63A2070A73F277A7CD15D9749CD05C188D3D48</td><td class=\"sbody-td\">9EAE4D6DD784B700E5D539D0BECE6FCE903DA010E408133DDAB625AE0713950D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2007-KB2873746-x64-FR.msp</td><td class=\"sbody-td\">5B042B73223F4BD8F5A90B3EB40C6219579F12C7</td><td class=\"sbody-td\">EC4A146D9C063FBBB4AAF213A2971714F7CF95E5C46C259C6B03937A79CD79A3</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2007-KB2873746-x64-IT.msp</td><td class=\"sbody-td\">F2C3F0A7664CADC79AEAA6ADA84BCAA7B51BED19</td><td class=\"sbody-td\">6096B7F276AA787183BA172BD6DC1E48EC2222F51C29D07CCD753825D405670C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2007-KB2873746-x64-JA.msp</td><td class=\"sbody-td\">4F42290D73D69CD165A973762B4A30E81ED2A85C</td><td class=\"sbody-td\">45FFA3BCB76A105E23B9EBB65843FEDB9CA37C76C6644839D3EA35EF23F8705B</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2007-KB2873746-x64-KO.msp</td><td class=\"sbody-td\">4D302195390A4F074076CF8DA67706A223FA950C</td><td class=\"sbody-td\">1A6C85F4312BC95754722A9DA525D4EDA6F28797B38F59734AF46E51D648B1E0</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2007-KB2873746-x64-PT.msp</td><td class=\"sbody-td\">145099227DF30E08BC6082655CA36BBA4FAACA1B</td><td class=\"sbody-td\">A1551C1C894122B40794B64EB5E71545FD9A24C93B3C89C810CF319DFEAF7151</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2007-KB2873746-x64-RU.msp</td><td class=\"sbody-td\">698D49D5893ACD01109B7E4B41B4CF5A3FB48386</td><td class=\"sbody-td\">6741F36DA6DF5625467B094EA5EB5974B1909613AFC6876AC3E17D116F0BAFD0</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2007-KB2873746-x64-ZH-CHS.msp</td><td class=\"sbody-td\">4D89EFC6E098160BC82EA1DB49C6A90120573771</td><td class=\"sbody-td\">6ACC4971D51F6032624CACA4745C655E89EBD65BFE52416605C77A515CE234DF</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2007-KB2873746-x64-ZH-CHT.msp</td><td class=\"sbody-td\">5654877B73B5A656E1C70E652A6A32EC9F85DBBE</td><td class=\"sbody-td\">704324480793AD71C82E55FF8EC6257A0EBF8F27A47D94FDF198BE018A02A80C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2007-KB2873746-x86-DE.msp</td><td class=\"sbody-td\">A0142007FB7981BD07E07B6C3F1CA36A0B4EDA56</td><td class=\"sbody-td\">097C9188E8E569B573CE6B775649A583FCF3246E50FDDEB34AB31F498866AAE3</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2007-KB2873746-x86-EN.msp</td><td class=\"sbody-td\">1B3ED4A07B34A0EF272B1AA0D53A46DC0DFE22FA</td><td class=\"sbody-td\">0C165ACB8CF2EC4A627F91FF6E528233573A1D82283D0C7EC84530135FFF1FD2</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2007-KB2873746-x86-ES.msp</td><td class=\"sbody-td\">7450006FA458264D2FFE21AAA2B9FB82C3A0BF7A</td><td class=\"sbody-td\">98517F6FDBC13E63F01272519D42488B959B601F32FADBFFF6C401904D116E06</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2007-KB2873746-x86-FR.msp</td><td class=\"sbody-td\">0C882B65F5A6FEF8841547B051E92B0703961220</td><td class=\"sbody-td\">32BEEF114B44F3630ED005695B9CF3E5E58FB0931BCB2926AAC66D5E49CCA71D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2007-KB2873746-x86-IT.msp</td><td class=\"sbody-td\">FD79F6F11318DBFC5B3B9437231CDF6232168DF9</td><td class=\"sbody-td\">DDFAB680345AC7B858991AB15B3228F01C2C5AE29B4114C881439A28D62BD1D5</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2007-KB2873746-x86-JA.msp</td><td class=\"sbody-td\">E3E9ED810896A29DF5B6BA8EB976728A252F8A9B</td><td class=\"sbody-td\">91BA2A69A2E981CCB673D90EA448DC6A6F00FA7137CDE4C1830AC2511B003A2A</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2007-KB2873746-x86-KO.msp</td><td class=\"sbody-td\">7F26E037BF71CCD90579421ADE24146A7CB7A9C2</td><td class=\"sbody-td\">CBF4054ABBF0CF28368ADCBD5BF097F0DD88D8E7CDCE050295D5C305F2723EE2</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2007-KB2873746-x86-PT.msp</td><td class=\"sbody-td\">3A6F4D1D4E206ED8BE14BF9DE1382831DE7AAB51</td><td class=\"sbody-td\">8355D3B780CEE2E61F7BB034D2212FC81C05EFA0BF17791ED9BB2E8201691A3A</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2007-KB2873746-x86-RU.msp</td><td class=\"sbody-td\">BFF670D647AD4B9296EE02F581E0789A8C379868</td><td class=\"sbody-td\">B9188F69431CB80B5227EEAB06DC3027CC48A18CBC26C0154D217C7AF908E1B5</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2007-KB2873746-x86-ZH-CHS.msp</td><td class=\"sbody-td\">B61D8DAAE2D221DD5BA656E2F6202D61D4F9AC11</td><td class=\"sbody-td\">605B59F047CEBBAF09BE06E3B1F3E2BA01931BA474301F2F26BFECA5A1C889B8</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2007-KB2873746-x86-ZH-CHT.msp</td><td class=\"sbody-td\">7D2C0E1FE179934344FC492CF9AA4BFD5D9F2D36</td><td class=\"sbody-td\">688899072DE577E69DC777E87C1E42ABDAE322A33E4F80564FEB7EE06FC528D9</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2866475-x64-ar.msp</td><td class=\"sbody-td\">1AF387255597474F90D05492D3066F47DF3C6EBF</td><td class=\"sbody-td\">E51D4947F25829BF826D72122E4FCB342B2A696DAA8613FF1A205B8713180D00</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2866475-x64-de.msp</td><td class=\"sbody-td\">17E466E3FC82FF291052141313A9D5C11E8E1DD1</td><td class=\"sbody-td\">554FC11169949FDDF09E20707F3EF92D2B227DD5CD0A34C17C245744FE57E884</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2866475-x64-en.msp</td><td class=\"sbody-td\">3DF411FF7F1F9334A063DBC6A1EDFB49CDE781D6</td><td class=\"sbody-td\">8D22C4C58367F238DB528CF1DB9A025DBA3F8E04928BFC28AF41BAAA48361FBB</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2866475-x64-es.msp</td><td class=\"sbody-td\">E572FDF12CCD19B26416AA19B7DC43291C67F507</td><td class=\"sbody-td\">BBF625E9DC087E2F4C58992BA276032ACB42777A9143C50B96ED6AC43D797AC7</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2866475-x64-fr.msp</td><td class=\"sbody-td\">E628AA9F5F2BCD404270DEAB489C9EA358385F6D</td><td class=\"sbody-td\">DAE40CA12617448AC15E47AA1A214A4C2B2DD2BD2C03787857512D2BBB2B35B9</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2866475-x64-he.msp</td><td class=\"sbody-td\">74E584F6B47C3CD929806ABC044DAA7250CFECA6</td><td class=\"sbody-td\">DA66775213195FD8F5EC308E184A1A23E0280EE9F01D13153D3C32776A6EE568</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2866475-x64-it.msp</td><td class=\"sbody-td\">E03E268ABFFD90D08B94EF039F1BDC30D30A344C</td><td class=\"sbody-td\">54AFDEB0A66A22D5CF2CD90E39D44698DA4322977850D441C377BA6F2498D0F2</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2866475-x64-ja.msp</td><td class=\"sbody-td\">AF47EC2B4150482DA36BBFF14BE5B463772C7ABA</td><td class=\"sbody-td\">0D63C6E085D9CBE46401E10A43C06CF7AC908D803928691430FA9F5EA84572F7</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2866475-x64-ko.msp</td><td class=\"sbody-td\">BC25592A9A8788B3E6365E249C3336AF80B85BE3</td><td class=\"sbody-td\">8F8893036F62A74BEC3C60D248AF71AF642CDE0B39D62E0416FDDBDA4BE160E4</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2866475-x64-pt.msp</td><td class=\"sbody-td\">2C1D28810A08EC0B361BB183C7B8F9EFBD6BD73F</td><td class=\"sbody-td\">D9D7296085055176F2E710FC06875989FF1A12932704B8D6148E4E3B55304428</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2866475-x64-ru.msp</td><td class=\"sbody-td\">88B382EDF4FD57A432F72698595A3E22354BBB81</td><td class=\"sbody-td\">DB872A7F2E9DD7B5581E8B611024B2CEF9AC6F6295AAAB28DB785EED5481576B</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2866475-x64-zh-hans.msp</td><td class=\"sbody-td\">D2C2C89837CCC32C930B99405345D01AA9329BCB</td><td class=\"sbody-td\">6E0F7F6FD5A179A34F6FF5597B0D62F8FF9984A2FACFAF9FD461D9CA69E247F4</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2866475-x64-zh-hant.msp</td><td class=\"sbody-td\">0F1160F875242B4215113C99B2AD2CCFFCB1D5DF</td><td class=\"sbody-td\">07812CEE547925D78F83D195CC3D6C21BDD83060E496757E86B7DBEFBBBD3AA5</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2874216-x64-ar.msp</td><td class=\"sbody-td\">72F746400A0C57FB7ED5D4DF49FE7E1C0C0494DA</td><td class=\"sbody-td\">23BC42C29CD6A7A2F1235975A79A94AB3A86E912917CD0895D19AECB115C2760</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2874216-x64-de.msp</td><td class=\"sbody-td\">0B8FADEB9451E1F90B39E815E0DE47D0E9016246</td><td class=\"sbody-td\">4C1376A6B88A8641C7DB975562FD683A49D360FB2B0A2CE83F4517D111E2C77A</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2874216-x64-en.msp</td><td class=\"sbody-td\">F2B8520A57ABBF9C2262A4ECC0B9884E202F7B2B</td><td class=\"sbody-td\">7C9DCD022FD80759D284767B45322EB44455F877B348D11F0D080577DF7D63FF</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2874216-x64-es.msp</td><td class=\"sbody-td\">04ECB146B9CDF7F8D2E237D73EE9B9065E575028</td><td class=\"sbody-td\">B106DEB7CBD1399C37D6225CA33DB5F584BEDD6CBDDAF11E723C3521E6B8430D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2874216-x64-fr.msp</td><td class=\"sbody-td\">058F386B43D3083960F4A153A1AF2A4410729890</td><td class=\"sbody-td\">DEB8CD38649F3EEF2D4E061ADC7DBC576FEEA54009422BDF9CE4436CB98F8D28</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2874216-x64-he.msp</td><td class=\"sbody-td\">A5BC1AEC083BC8D1B23DC09E30FE8A2F534738D3</td><td class=\"sbody-td\">ED6B88782CEEA568BC12344B1CA40A0A9BDED94978B30F96E2971841B0634944</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2874216-x64-it.msp</td><td class=\"sbody-td\">B6E14B4C33391DF2D87571CE3ECF391B9AED56FB</td><td class=\"sbody-td\">04DEF7B8F0D3AA825BFBB07DE7374905DB856D9F579D6C3841459707184C421A</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2874216-x64-ja.msp</td><td class=\"sbody-td\">64EB764A947CE3590769CDA19C4FBD4C259D3AFC</td><td class=\"sbody-td\">2ECE817133AE877478A5A86E63AA661ACCF0BC6C7768A90584DF8980A69F28FD</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2874216-x64-ko.msp</td><td class=\"sbody-td\">574FBC438891B8DB4286D1B2EDC02EEB55AE31D1</td><td class=\"sbody-td\">C7069668B29761590ADB3B48C29058F0A1CD76222FB9F83E65B598BA6624D030</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2874216-x64-pt.msp</td><td class=\"sbody-td\">08FD6768D0382B862C5C0327FB1E1330C754BC6E</td><td class=\"sbody-td\">099F75BD692D7C866EC7706D90EF3554B755D3C30F892240AF8D42D223CBA9C7</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2874216-x64-ru.msp</td><td class=\"sbody-td\">3112046A997D63A591D1EF2C95102FF95D38325A</td><td class=\"sbody-td\">36F655AD1D1D85713884D5E013FC6EF3D08280FBF0069D49291A3FDF8E3F1B43</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2874216-x64-zh-hans.msp</td><td class=\"sbody-td\">37B01D58FEE84BD551929CD93CAAC8EFA2A62716</td><td class=\"sbody-td\">68A6B0D5B75224AB39646E1374FC72DEC98AA55133C2AE95691F335CAF41C190</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2010-KB2874216-x64-zh-hant.msp</td><td class=\"sbody-td\">408317E8D53D9F045C189FE41DB99B44E4F8B160</td><td class=\"sbody-td\">5EA110B208E3735CC8CBFA1F73AC0FA227E27F750387DF4842AFCDD71D8F0426</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2013-KB2874216-x64-de.msp</td><td class=\"sbody-td\">147B0F1A839D5CCEDE4990124F8EF1A3B44D1E49</td><td class=\"sbody-td\">72B305E2B538E0EA2467A0EB4824FA72A590967842608DA4985E37F556C0FF4D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2013-KB2874216-x64-en.msp</td><td class=\"sbody-td\">8583A9CD09891B8BCD3549401E1080E8116CF5FC</td><td class=\"sbody-td\">2D79C7118E70FF649E3DE1DC947F9E0F82382492BF45343D64AB8357B48F7EF3</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2013-KB2874216-x64-es.msp</td><td class=\"sbody-td\">34CD94E4AD2D8F5772BB3F37AD707B7D6D874185</td><td class=\"sbody-td\">9EA85D7EFE5953461DECAF7B131F4A1B1421D022F047D435680DB5B26773D4AC</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2013-KB2874216-x64-fr.msp</td><td class=\"sbody-td\">B0D2BF24343F8C9AB40999A538E40486763E8794</td><td class=\"sbody-td\">14BBE4AA60E505755599F49D25B21EE583DE704A07589C82EB26CA6D1455A2AA</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2013-KB2874216-x64-it.msp</td><td class=\"sbody-td\">31B05B673D1D201797EB3BBEE66A80CAC1B9AE34</td><td class=\"sbody-td\">DCDB41C718F6EA36649C4C95B00DAB11A3B6377AA1A7475E193E3C45B0CA7A69</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2013-KB2874216-x64-ja.msp</td><td class=\"sbody-td\">609D84434F7F7DB1C7C0974270B6BF5A5992872D</td><td class=\"sbody-td\">322F591F4E07BE28508434F5695B25BB593C2498A1D9ACCB558174D88FDA8EAB</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2013-KB2874216-x64-ko.msp</td><td class=\"sbody-td\">5C0BF21F8255B83C4317EC3DB6C099095DAA8391</td><td class=\"sbody-td\">016FF15AFA20414849E724E181F0C2B2A79F3AB9D409D5CA6D729320B2046C53</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2013-KB2874216-x64-pt.msp</td><td class=\"sbody-td\">FF5343C073C842B5481E41ABBD5CDFA8574E6C78</td><td class=\"sbody-td\">872F4834F23ACE739C3971D6200F459713B38DC04DFA1A15C96AE77DA4339703</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2013-KB2874216-x64-ru.msp</td><td class=\"sbody-td\">A8D08C72ACB979C10635D1E4A112224AF548D321</td><td class=\"sbody-td\">CEE31FCD98AB10C6488BD7849E764DA87CC356B4ED9E0F913A185E418640EED8</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2013-KB2874216-x64-zh-hans.msp</td><td class=\"sbody-td\">84529CDB2286361BEC28E19743A53D31974953BC</td><td class=\"sbody-td\">AC4B2BF76EF0D5473A27C3EFBE93856AB48911388899CD91A218B670D01701B8</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2013-KB2874216-x64-zh-hant.msp</td><td class=\"sbody-td\">8DB3622EA802747A16D08E06F854FBB6FC8F81DE</td><td class=\"sbody-td\">7993F1421918D1506E1E4CD9DB86FADEC736404FC8D6C2AD3D2FCE80AA446FC8</td></tr></table></div><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">SHA1 hash</th><th class=\"sbody-th\">SHA256 hash</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2013-KB2874216-x64-de.msp</td><td class=\"sbody-td\">8ADEA74979B64DEEB9D2F9F996F69AD83D80742F</td><td class=\"sbody-td\">5AD0A7A920B6846645E9B0619E8CD6CFB8C7B3A56684F31E24025DAA31883F2D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2013-KB2874216-x64-en.msp</td><td class=\"sbody-td\">109D02A1714D46C9FCDCC471E0863C61B4CC57BF</td><td class=\"sbody-td\">36359C6CF5245FE856E19999032A298AB00B917739A07C6B4D95A397E39DC4D5</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2013-KB2874216-x64-es.msp</td><td class=\"sbody-td\">2E5D91C93597E77039FBE8FAEA33A6DC8C939047</td><td class=\"sbody-td\">B457137C0DFCAB506715CF24DECA855B413D02027A4B5699D1225FD0D53F1336</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2013-KB2874216-x64-fr.msp</td><td class=\"sbody-td\">69B5B02B37009954F2FC12607073403F9B8BD574</td><td class=\"sbody-td\">C7765052BD727BA02F37ADF938EB0D9DAB6CA5198F4727CD32E40435801C3B11</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2013-KB2874216-x64-it.msp</td><td class=\"sbody-td\">A0273AD16A1F0E5F40EF628671560139A32FB7CD</td><td class=\"sbody-td\">BB82517F906B9F11BDB327144F32DE3B8E2F639A1131A84198C4A944B5E2020E</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2013-KB2874216-x64-ja.msp</td><td class=\"sbody-td\">4B68849BFDC9BD6EE2987E31A76E3E61071AEF40</td><td class=\"sbody-td\">ABBD9A729C5819C419F456B105CEC3237BD06BD644FA39A26F59C226E45440E4</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2013-KB2874216-x64-ko.msp</td><td class=\"sbody-td\">8BED42399A5AA85414028944CA2A5839E05A16D3</td><td class=\"sbody-td\">03F657DEA7090696B0BFBE3D8D4AD0F7DE87AC3D95956EAEBC4DCBF88100A3EA</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2013-KB2874216-x64-pt.msp</td><td class=\"sbody-td\">F8D573AF40E6D36C985AB278B085A01B70D46601</td><td class=\"sbody-td\">642D1E53B3C298F129F13FC16A918AB30E903C7F6C6C174B8EE92C0009BD7301</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2013-KB2874216-x64-ru.msp</td><td class=\"sbody-td\">B5EF3E575253246A81FA70A364DF668A219C90D2</td><td class=\"sbody-td\">9D491A7301E58E8A6CA34EEA2FC3C759C2C324194F7F775C9E5468E47D79B582</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2013-KB2874216-x64-zh-hans.msp</td><td class=\"sbody-td\">757CD3D2E4A617F234DD5B2C6B2C7F75271D5D9B</td><td class=\"sbody-td\">0183ACA28B94A76743389D8F1362463BAD68FAADD2851784C3A48ED51FC01861</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Exchange2013-KB2874216-x64-zh-hant.msp</td><td class=\"sbody-td\">B22F1E64B39CE9F7274C839295F23075D0CE56D1</td><td class=\"sbody-td\">ED9832E80D1633FF0429A5EF8184026B825D4E7546788D529B7B49D26B770CE0</td></tr></table></div></div><br/></span></div></div></div></div></body></html>", "edition": 2, "modified": "2017-09-14T19:14:45", "id": "KB2876063", "href": "https://support.microsoft.com/en-us/help/2876063/", "published": "2013-08-13T00:00:00", "title": "MS13-061: Vulnerabilities in Microsoft Exchange Server could allow remote code execution: August 13, 2013", "type": "mskb", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-01T05:43:37", "description": "The version of Microsoft Exchange installed on the remote host uses a\nversion of the Oracle Outside In libraries, which are affected by the\nfollowing vulnerabilities :\n\n - Two unspecified code execution vulnerabilities exist in\n the WebReady Document Viewing feature of Outlook Web\n Access. (CVE-2013-2393, CVE-2013-3776)\n\n - An unspecified denial of service vulnerability exists in\n the Data Loss Protection feature. This vulnerability\n only affects Exchange 2013. (CVE-2013-3781)\n\nThese vulnerabilities can be exploited when a user views a maliciously\ncrafted file in Outlook Web Access in a browser.", "edition": 25, "published": "2013-08-14T00:00:00", "title": "MS13-061: Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2876063)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2393", "CVE-2013-3776", "CVE-2013-3781"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:exchange_server"], "id": "SMB_NT_MS13-061.NASL", "href": "https://www.tenable.com/plugins/nessus/69326", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69326);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/15 20:50:31\");\n\n script_cve_id(\"CVE-2013-2393\", \"CVE-2013-3776\", \"CVE-2013-3781\");\n script_bugtraq_id(59129, 61232, 61234);\n script_xref(name:\"MSFT\", value:\"MS13-061\");\n script_xref(name:\"MSKB\", value:\"2866475\");\n script_xref(name:\"MSKB\", value:\"2873746\");\n script_xref(name:\"MSKB\", value:\"2874216\");\n\n script_name(english:\"MS13-061: Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2876063)\");\n script_summary(english:\"Checks version of transcodingservice.exe\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote mail server has multiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of Microsoft Exchange installed on the remote host uses a\nversion of the Oracle Outside In libraries, which are affected by the\nfollowing vulnerabilities :\n\n - Two unspecified code execution vulnerabilities exist in\n the WebReady Document Viewing feature of Outlook Web\n Access. (CVE-2013-2393, CVE-2013-3776)\n\n - An unspecified denial of service vulnerability exists in\n the Data Loss Protection feature. This vulnerability\n only affects Exchange 2013. (CVE-2013-3781)\n\nThese vulnerabilities can be exploited when a user views a maliciously\ncrafted file in Outlook Web Access in a browser.\"\n );\n # https://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixFMW\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3b00e6f8\");\n # https://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html#AppendixFMW\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f2a3b072\");\n # https://blogs.technet.microsoft.com/exchange/2013/08/14/exchange-2013-security-update-ms13-061-status-update/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2b287b00\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-061\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Microsoft has released a set of patches for Exchange 2007 SP3, 2010 SP2\n/ SP3, and 2013 CU2 and CU3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:exchange_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS13-061';\nkbs = make_list(\n '2866475', # 2010 SP3\n '2873746', # 2007 SP3\n '2874216' # 2010 SP2, 2013 CU1 & CU2\n);\n\nif (get_kb_item('Host/patch_management_checks'))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nversion = get_kb_item_or_exit('SMB/Exchange/Version');\nsp = int(get_kb_item('SMB/Exchange/SP'));\n\n# bail out if one of the following affected configurations is not seen\nif (version != 80 && version != 140 && version != 150) # not 2007, 2010\n audit(AUDIT_INST_VER_NOT_VULN, 'Exchange', version);\nelse if (version == 80 && sp != 3) # not 2007 SP3\n audit(AUDIT_INST_VER_NOT_VULN, 'Exchange', '2007 SP' + sp);\nelse if (version == 140 && sp != 2 && sp != 3) # not 2010 SP2 or SP3\n audit(AUDIT_INST_VER_NOT_VULN, 'Exchange', '2010 SP' + sp);\nelse if (version == 150 && sp != 0) # not 2013 CU1 or CU2 (no SP)\n audit(AUDIT_INST_VER_NOT_VULN, 'Exchange', '2013 SP' + sp);\n\nexch_root = get_kb_item_or_exit('SMB/Exchange/Path', exit_code:1);\nif (exch_root[strlen(exch_root) - 1] != \"\\\") # add a trailing backslash if necessary\n exch_root += \"\\\";\nshare = hotfix_path2share(path:exch_root);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (version == 80 && sp == 3) # 2007 SP3\n kb = '2873746';\nelse if (version == 140 && sp == 2) # 2010 SP2\n kb = '2874216';\nelse if (version == 140 && sp == 3) # 2010 SP3\n kb = '2866475';\nelse if (version == 150) # 2013 CU1 and CU2\n kb = '2874216';\n\n# If Exchange 2013 is installed, make sure it is CU1 or CU2 before continuing\nif (version == 150)\n{\n exe = exch_root + \"Bin\\msexchangerepl.exe\";\n ret = hotfix_get_fversion(path:exe);\n if (ret['error'] != HCF_OK)\n {\n hotfix_check_fversion_end();\n audit(AUDIT_FN_FAIL, 'hotfix_get_fversion');\n }\n exe_ver = join(ret['value'], sep:'.');\n\n if (\n exe_ver !~ \"^15\\.0\\.620\\.\" && # 2013 CU1\n exe_ver !~ \"^15\\.0\\.712\\.\" # 2013 CU2\n )\n {\n hotfix_check_fversion_end();\n audit(AUDIT_INST_VER_NOT_VULN, 'Exchange 2013', exe_ver);\n }\n}\n\nooi_path = exch_root + \"ClientAccess\\Owa\\Bin\\DocumentViewing\";\nfile = 'vshwp2.dll';\n\nif (hotfix_is_vulnerable(path:ooi_path, file:file, version:'8.3.7.314', bulletin:bulletin, kb:kb))\n{\n set_kb_item(name:'SMB/Missing/' + bulletin, value:TRUE);\n hotfix_security_warning();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oracle": [{"lastseen": "2019-05-29T18:20:57", "bulletinFamily": "software", "cvelist": ["CVE-2013-3769", "CVE-2013-1571", "CVE-2013-3824", "CVE-2013-3774", "CVE-2013-3749", "CVE-2013-2407", "CVE-2013-3819", "CVE-2013-3778", "CVE-2013-3788", "CVE-2013-3809", "CVE-2013-3818", "CVE-2013-3799", "CVE-2010-0434", "CVE-2010-0425", "CVE-2013-3783", "CVE-2013-3791", "CVE-2013-3768", "CVE-2013-3807", "CVE-2013-3823", "CVE-2013-3755", "CVE-2013-3753", "CVE-2011-0419", "CVE-2013-3786", "CVE-2008-2364", "CVE-2013-2451", "CVE-2013-3771", "CVE-2013-3782", "CVE-2013-3760", "CVE-2012-2687", "CVE-2013-3756", "CVE-2013-3789", "CVE-2013-3767", "CVE-2013-3811", "CVE-2013-3776", "CVE-2013-3746", "CVE-2013-3777", "CVE-2013-3750", "CVE-2013-3770", "CVE-2013-3772", "CVE-2013-3757", "CVE-2013-3787", "CVE-2013-3808", "CVE-2013-1861", "CVE-2013-3813", "CVE-2013-3775", "CVE-2013-3800", "CVE-2013-3765", "CVE-2013-3784", "CVE-2013-3759", "CVE-2013-3803", "CVE-2013-2461", "CVE-2013-3806", "CVE-2013-3745", "CVE-2013-3780", "CVE-2006-5752", "CVE-2013-3794", "CVE-2013-3758", "CVE-2010-2068", "CVE-2013-3816", "CVE-2013-3763", "CVE-2013-3810", "CVE-2013-3754", "CVE-2007-3847", "CVE-2013-3748", "CVE-2013-0398", "CVE-2013-3751", "CVE-2007-6388", "CVE-2013-3752", "CVE-2013-3764", "CVE-2013-3773", "CVE-2013-3812", "CVE-2007-5000", "CVE-2013-3781", "CVE-2013-3805", "CVE-2005-3352", "CVE-2013-3795", "CVE-2013-3820", "CVE-2013-2457", "CVE-2013-3821", "CVE-2013-3822", "CVE-2013-3761", "CVE-2013-3804", "CVE-2011-3348", "CVE-2013-3779", "CVE-2013-3825", "CVE-2013-3797", "CVE-2013-3802", "CVE-2013-3790", "CVE-2013-3796", "CVE-2013-3793", "CVE-2013-3747", "CVE-2013-3798", "CVE-2013-3801"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.** This Critical Patch Update contains 89 new security fixes across the product families listed below.\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n", "modified": "2013-09-11T00:00:00", "published": "2013-07-16T00:00:00", "id": "ORACLE:CPUJULY2013-1899826", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - July 2013", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
