Lucene search

K
zdiPiotr Bazydlo (@chudypb) of Trend Micro Zero Day InitiativeZDI-22-1630
HistoryNov 22, 2022 - 12:00 a.m.

Microsoft Exchange G711Reader Exposed Dangerous Function Information Disclosure Vulnerability

2022-11-2200:00:00
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
25
microsoft exchange
g711reader
information disclosure
authentication
vulnerability
system

EPSS

0.134

Percentile

95.7%

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the G711Reader class. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM.