logo
DATABASE RESOURCES PRICING ABOUT US

Microsoft Exchange Server msExchEcpCanary CSRF / Privilege Escalation Exploit

Description

Microsoft Exchange Server has a flaw that exists within the HasValidCanary function inside of the Canary15 class. The issue results in an insecure generation of cross site request forgery tokens that can be used to install an office-addins. An attacker can leverage this vulnerability to escalate privileges to an administrative account.


Related