https://www.computerworld.com/s/article/9229816/Microsoft_warns_of_critical_Oracle_code_bugs_in_Exchange By Gregg Keizer Computerworld July 31, 2012 Microsoft last week warned IT administrators that critical vulnerabilities in code licensed from Oracle could give attackers access to Exchange Server 2007 and Exchange Server 2010 systems. Oracle patched the vulnerabilities in its "Oracle Outside In" code libraries as part of a massive update on July 17 that fixed nearly 90 flaws in its database software. Exchange, as well as Microsoft's FAST Search Server 2010 for SharePoint, use the Oracle Outside In libraries to display file attachments in a browser rather than to open them in a locally-stored application, like Microsoft Word. The vulnerabilities are within the code that parses those attachments. "An attacker who successfully exploited these vulnerabilities could run arbitrary code under the process that is performing the parsing of the specially crafted files," said Microsoft in the security advisory it issued a week ago. [...] -- Learn how to be a Pen Tester, CISSP, ISSMP, or ISSAP with Expanding Security online. Come to a free class and see how good and fun the program really is. http://www.expandingsecurity.com/PainPillReceived on Wed Aug 01 2012 - 02:14:50 PDT
This archive was generated by hypermail 2.2.0 : Wed Aug 01 2012 - 02:36:20 PDT