PT-2013-3728 · Microsoft+1 · Exchange Server 2007+4
Published: 2013-04-17 · Updated: 2018-10-12
CVE-2013-2393
CVSS v2.0: 1.5 (Low)
Vector: AV:L/AC:M/Au:S/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Oracle Fusion Middleware versions 8.3.7 through 8.4.0
Exchange Server 2007
Exchange Server 2010
Exchange Server 2013
Description
The issue allows attackers to affect availability or execute code remotely, depending on the context. For Exchange Server, the vulnerability is exposed through the WebReady Document Viewing feature and allows remote code execution as the LocalService account if a user views a specially crafted file through Outlook Web Access in a browser. The LocalService account has minimal privileges on the local computer and presents anonymous credentials on the network.
Recommendations
For Oracle Fusion Middleware versions 8.3.7 through 8.4.0, there is currently no information about a newer version that contains a fix for this vulnerability.
For Exchange Server 2007, consider disabling the WebReady Document Viewing feature until a patch is available.
For Exchange Server 2010, restrict access to the WebReady Document Viewing feature to minimize the risk of exploitation.
For Exchange Server 2013, avoid using the WebReady Document Viewing feature until the issue is resolved.
Related Identifiers
Affected Products
Exchange Server
Exchange Server 2007
Exchange Server 2010
Exchange Server 2013
Oracle Fusion Middleware