CVE-2013-3781

Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware versions 8.3.7 through 8.4.1 Exchange Server 2013 (affected versions not specified)

Description The issue affects the availability of the system. In the case of Exchange Server 2013, the vulnerability is related to the Data Loss Protection (DLP) feature and can cause the server to become unresponsive when a user views a specially crafted file through Outlook Web Access in a browser. For Oracle Fusion Middleware, the vulnerability is related to the Outside In Technology component, specifically Outside In Filters.

Recommendations For Oracle Fusion Middleware versions 8.3.7 through 8.4.1, update to a version that addresses the issue. For Exchange Server 2013, avoid viewing specially crafted files through Outlook Web Access in a browser until a fix is available. As a temporary workaround, consider restricting access to the DLP feature in Exchange Server 2013 to minimize the risk of exploitation.