The vulnerability of the ChainedSerializationBinder class in the Microsoft Exchange Server mail server allows a hacker to execute arbitrary code.

The vulnerability of the ChainedSerializationBinder class in the Microsoft Exchange Server mail server relates to the deserialization of unreliable data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with SYSTEM privileges remotely...

(0Day) Microsoft Exchange ChainedSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the ChainedSerializationBinder class. The issue results from the lack of proper validatio...

PT-2023-36418 · Undefined · Undefined

Уязвимость класса ChainedSerializationBinder почтового сервера Microsoft Exchange Server связана с десериализацией ненадежных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код с привилегиями SYSTEM...

Microsoft Exchange Server ChainedSerializationBinder RCE

This module exploits vulnerabilities within the ChainedSerializationBinder as used in Exchange Server 2019 CU10, Exchange Server 2019 CU11, Exchange Server 2016 CU21, and Exchange Server 2016 CU22 all prior to Mar22SU. Note that authentication is required to exploit these vulnerabilities. Module...

Metasploit Wrap-Up

Zimbra Auth Bypass to Shell Ron Bowes added an exploit module that targets multiple versions of Zimbra Collaboration Suite. The module leverages an authentication bypass CVE-2022-37042 and a directory traversal vulnerability CVE-2022-27925 to gain code execution as the zimbra user. The auth bypas...

Microsoft Exchange Server ChainedSerializationBinder Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'nokogiri' class MetasploitModule 'Microsoft Exchange Server ChainedSerializationBinder RCE', 'Description' = %q This module exploits vulnerabilities within the...

Microsoft Exchange Server Remote Code Execution Exploit

This Metasploit module allows remote attackers to execute arbitrary code on Exchange Server 2019 CU10 prior to Security Update 3, Exchange Server 2019 CU11 prior to Security Update 2, Exchange Server 2016 CU21 prior to Security Update 3, and Exchange Server 2016 CU22 prior to Security Update 2...

Metasploit Weekly Wrap-Up

Exchange RCE Exchange remote code execution vulnerabilities are always valuable exploits to have. This week Metasploit added an exploit for an authenticated RCE in Microsoft Exchange servers 2016 and server 2019 identified as CVE-2021-42321. The flaw leveraged by the exploit exists in a...

Microsoft Exchange Server Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'nokogiri' class MetasploitModule 'Microsoft Exchange Server ChainedSerializationBinder Deny List Typo RCE', 'Description' = %q This vulnerability allows remote...

Microsoft Exchange Server ChainedSerializationBinder Deny List Typo RCE

This vulnerability allows remote attackers to execute arbitrary code on Exchange Server 2019 CU10 prior to Security Update 3, Exchange Server 2019 CU11 prior to Security Update 2, Exchange Server 2016 CU21 prior to Security Update 3, and Exchange Server 2016 CU22 prior to Security Update 2. Note...