Oval Definition:	oval:org.mitre.oval:def:20083
Revision Date: 2014-01-20 Version: 5 Title: Oracle Outside In Contains Multiple Exploitable Vulnerabilities (CVE-2013-5791) - MS13-105 Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. NOTE: the previous information is from the October 2013 CPU. Oracle has not commented on claims from a third party that the issue is a stack-based buffer overflow in the Microsoft Access 1.x parser in vsacs.dll before 8.4.0.108 and before 8.4.1.52, which allows attackers to execute arbitrary code via a long field (aka column) name. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2013-5791 Platform(s): Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Product(s): Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft Exchange Server 2013 Definition Synopsis Exchange Server 2007 and vulnerable file version Microsoft Exchange Server 2007 SP3 is installed AND Check if the version of exsetup.exe is less than 8.3.342.4 OR Exchange Server 2010 SP2 and vulnerable file version Microsoft Exchange Server 2010 SP2 is installed AND Check if the version of exsetup.exe is less than 14.2.390.3 OR Exchange Server 2010 SP3 and vulnerable file version Microsoft Exchange Server 2010 SP3 is installed AND Check if the version of exsetup.exe is less than 14.3.174.1 OR Exchange Server 2013 CU2 and vulnerable file version Microsoft Exchange Server 2013 Cumulative Update 2 is installed AND Check if the version of exsetup.exe is less than 15.0.712.31 OR Exchange Server 2013 CU3 and vulnerable file version Microsoft Exchange Server 2013 Cumulative Update 3 is installed AND Check if the version of exsetup.exe is less than 15.0.775.41
BACK