Microsoft warns of critical Oracle code bugs in Exchange
Microsoft last week warned IT administrators that critical vulnerabilities in code licensed from Oracle could give attackers access to Exchange Server 2007 and Exchange Server 2010 systems.
Oracle patched the vulnerabilities in its "Oracle Outside In" code libraries as part of a massive update on July 17 that fixed nearly 90 flaws in its database software.
Exchange, as well as Microsoft's FAST Search Server 2010 for SharePoint, use the Oracle Outside In libraries to display file attachments in a browser rather than to open them in a locally-stored application, like Microsoft Word. The vulnerabilities are within the code that parses those attachments. "An attacker who successfully exploited these vulnerabilities could run arbitrary code under the process that is performing the parsing of the specially crafted files," said Microsoft in the security advisory it issued a week ago.
- Wed, 2013-05-15 03:49
- Mon, 2013-05-13 01:44
- Fri, 2013-05-10 00:17