Published: 11/09/2020 Updated: 17/09/2020
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

Microsoft Exchange could allow a remote malicious user to execute arbitrary code on the system, caused by improper handling of objects in memory. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim.

Vulnerable Product

microsoft exchange server 2016

microsoft exchange server 2019

Mailing Lists

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication is required to exploit this vulnerability. Additionally, the target user must have the "Data Loss Prevention" role assigned and an active mailbox. If the user is in the "Compliance Management" or greater "Organization Ma ...

Github Repositories


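Penetration testing. Seagate Central Storage remote code execution 0-day. NSA firmware vulnerability hunting. SKF labs: GraphQL bugs, JWT, SSRF and SSTI vulnerable environments, which can be used together with the githubcom/D0g3-Lab/H1ve vulnerable environment. hydra usage: new usage, cracking passwords in combination with a tor proxy. Stealing NTLMv2 hashes by abusing SQL injection in a file download feature. Obtaining NTLMv2 hash values through injection. Persistence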

Compiled binaries and ready code for Red Teaming

Red Team Binaries: compiled binaries and ready to use code for red teaming. References: githubcom/GhostPack githubcom/rootm0s/WinPwnage githubcom/0xbadjuju/WheresMyImplant githubcom/hfiref0x/UACME githubcom/RhinoSecurityLabs/Aggressor-Scripts pentestmagcom/simpleshellcodeinjector-ssi/ Exploits: krbtgtpw/dacl-permis


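A compilation of vulnerabilities in key systems that are frequently attacked in red team engagements. I. OA systems. Weaver (Weaver-Ecology-OA): Weaver OA E-cology RCE (CNVD-2019-32204) - affected versions 70/80/81/90; Weaver OA WorkflowCenterTreeData interface injection (Oracle databases only); Weaver ecology OA database configuration information disclosure; Weaver OA cloud bridge arbitrary file read - affects multiple 2018-2019 versions; Weaver e-cology OA front-end SQL injection ...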

Summary of the most current security updates and patches released by Microsoft and other major apps

Patch Tuesdays: the latest cybersecurity news on recent current security updates and patches released by Microsoft and other developers. September 2020 security releases. Adobe: updates for these products: Adobe InDesign, Adobe Framemaker, Adobe Experience Manager. Summary of vulnerability details: arbitrary code execution; buffer overflow and out of bounds read leading to arbitrary c


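Follow the Alpha Lab WeChat official account. 20201231 [Vulnerability] The 10 most critical CVEs added in 2020: blogdetectifycom/2020/12/30/top-10-critical-cves-added-in-2020/ UAF vulnerability in Chromium RawClipboardHostImpl: bugschromiumorg/p/chromium/issues/detail?id=1101509 [Tool] Sarenka: an OSINT tool that gathers data from services such as shodan and censys in one place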

Recent Articles

Microsoft Wraps Up a Lighter Patch Tuesday for the Holidays
Threatpost • Tara Seals • 08 Dec 2020

Microsoft has addressed 58 CVEs (nine of them critical) for its December 2020 Patch Tuesday update. This brings the computing giant’s patch tally to 1,250 for the year – well beyond 2019’s 840.
This month’s security bugs affect Microsoft Windows, Edge (EdgeHTML-based), ChakraCore, Microsoft Office and Office Services and Web Apps, Exchange Server, Azure DevOps, Microsoft Dynamics, Visual Studio, Azure SDK and Azure Sphere, according to the update. None are listed as publicly known ...

Microsoft’s Patch Tuesday Packed with Critical RCE Bugs
Threatpost • Tara Seals • 08 Sep 2020

Microsoft has released patches for 129 security bugs in its September Patch Tuesday update. These include 23 critical flaws, 105 that are important in severity and one moderate bug. Fortunately, none are publicly known or under active exploitation, Microsoft said.
The most severe issue in the bunch is CVE-2020-16875, according to researchers. This is a memory-corruption problem in Microsoft Exchange that allows remote code-execution (RCE) just by sending an email to a target. Running arbit...

The Register

A nightmare flaw for Exchange Server headlines this month's Patch Tuesday lineup from Microsoft and others.
September sees a bundle of 129 CVE-listed flaws patched by Microsoft. The vast majority of those, 105 in total, are classified as 'important' risks. Another 23 are considered critical bugs, and one is listed as moderate.
None of the bugs have public exploit code or in-the-wild attacks yet.
Of the nearly two-dozen critical patches, Zero Day Initiative's Dustin Childs says ...