Published: 11/09/2020 Updated: 17/09/2020
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

Microsoft Exchange could allow a remote malicious user to execute arbitrary code on the system, caused by improper handling of objects in memory. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim.

Vulnerable Product

microsoft exchange server 2016

microsoft exchange server 2019

Mailing Lists

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication is required to exploit this vulnerability. Additionally, the target user must have the "Data Loss Prevention" role assigned and an active mailbox. If the user is in the "Compliance Management" or greater "Organization Ma ...

Github Repositories


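A collection of key system vulnerabilities that are commonly attacked in red team engagements. I. OA systems. Weaver (Weaver-Ecology-OA): Weaver OA E-cology RCE (CNVD-2019-32204) - affected versions 70/80/81/90; Weaver OA WorkflowCenterTreeData interface injection (Oracle databases only); Weaver ecology OA database configuration information disclosure; Weaver OA Cloud Bridge (云桥) arbitrary file read - affects multiple 2018-2019 versions; Weaver e-cology OA front-end SQL injection ...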

Summary of the most current security updates and patches released by Microsoft and other major apps

Patch Tuesdays: The latest cybersecurity news on recent current security updates and patches released by Microsoft and other developers. September 2020 security releases. Adobe: Updates for these products: Adobe InDesign, Adobe Framemaker, Adobe Experience Manager. Summary of vulnerability details: Arbitrary code execution; Buffer overflow and out of bounds read leading to arbitrary c

Recent Articles

Microsoft’s Patch Tuesday Packed with Critical RCE Bugs
Threatpost • Tara Seals • 08 Sep 2020

Microsoft has released patches for 129 security bugs in its September Patch Tuesday update. These include 23 critical flaws, 105 that are important in severity and one moderate bug. Fortunately, none are publicly known or under active exploitation, Microsoft said.
The most severe issue in the bunch is CVE-2020-16875, according to researchers. This is a memory-corruption problem in Microsoft Exchange that allows remote code-execution (RCE) just by sending an email to a target. Running arbit...

The Register

A nightmare flaw for Exchange Server headlines this month's Patch Tuesday lineup from Microsoft and others.
September sees a bundle of 129 CVE-listed flaws patched by Microsoft. The vast majority of those, 105 in total, are classified as 'important' risks. Another 23 are considered critical bugs, and one is listed as moderate.
None of the bugs have public exploit code or in-the-wild attacks yet.
Of the nearly two-dozen critical patches, Zero Day Initiative's Dustin Childs says ...