CVE-2013-3776

Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware versions 8.3.7 through 8.4.1 Exchange Server 2007 Exchange Server 2010 Exchange Server 2013

Description The issue allows attackers to affect availability or execute remote code, depending on the context. For Exchange Server, the vulnerability could allow remote code execution as the LocalService account if a user views a specially crafted file through Outlook Web Access in a browser. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network.

Recommendations For Oracle Fusion Middleware versions 8.3.7 through 8.4.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Exchange Server 2007, consider disabling the WebReady Document Viewing feature until a patch is available. For Exchange Server 2010, consider disabling the WebReady Document Viewing feature until a patch is available. For Exchange Server 2013, consider disabling the WebReady Document Viewing feature until a patch is available.