PT-2013-5796 · Microsoft+1 · Exchange Server 2007+4

Will Dormann · Published 2013-10-16 · Updated 2018-10-12 · CVE-2013-5791

CVSS v2.0: 1.5 (Low)

Vector: AV:L/AC:M/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Oracle Fusion Middleware versions 8.4.0 through 8.4.1
Exchange Server 2007
Exchange Server 2010
Exchange Server 2013

Description

The issue allows attackers to affect availability and potentially execute arbitrary code. In the case of Exchange Server, vulnerabilities exist in the WebReady Document Viewing feature, which could allow remote code execution as the LocalService account if a user views a specially crafted file through Outlook Web Access in a browser. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network.

Recommendations

For Oracle Fusion Middleware versions 8.4.0 through 8.4.1, update to a version that addresses the issue in the Outside In Technology component. For Exchange Server 2007, Exchange Server 2010, and Exchange Server 2013, disable the WebReady Document Viewing feature until a patch is available to prevent remote code execution through specially crafted files. As a temporary workaround, consider restricting access to the WebReady Document Viewing feature in Exchange Server to minimize the risk of exploitation.

Related identifiers

CVE-2013-5791

Affected products

Exchange Server
Exchange Server 2007
Exchange Server 2010
Exchange Server 2013
Oracle Fusion Middleware