CVE-2013-5763

Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware version 8.4.0 Exchange Server 2007 Exchange Server 2010 Exchange Server 2013

Description The issue allows attackers to affect availability or execute remote code, depending on the context. For Exchange Server, the vulnerability exists through the WebReady Document Viewing feature, allowing remote code execution as the LocalService account if a user views a specially crafted file through Outlook Web Access in a browser. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network.

Recommendations For Oracle Fusion Middleware version 8.4.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Exchange Server 2007, update to a version that does not use the vulnerable WebReady Document Viewing feature. For Exchange Server 2010, update to a version that does not use the vulnerable WebReady Document Viewing feature. For Exchange Server 2013, update to a version that does not use the vulnerable WebReady Document Viewing feature.