Vulnerabilities > CVE-2013-3781 - Local Security vulnerability in Oracle Fusion Middleware 8.3.7.0/8.4/8.4.1

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
oracle
nessus

Summary

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-3776. Per: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html 'Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8.'

Vulnerable Configurations

Part Description Count
Application
Oracle
3

Msbulletin

bulletin_idMS13-061
bulletin_url
date2013-08-13T00:00:00
impactRemote Code Execution
knowledgebase_id2876063
knowledgebase_url
severityCritical
titleVulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS13-061.NASL
descriptionThe version of Microsoft Exchange installed on the remote host uses a version of the Oracle Outside In libraries, which are affected by the following vulnerabilities : - Two unspecified code execution vulnerabilities exist in the WebReady Document Viewing feature of Outlook Web Access. (CVE-2013-2393, CVE-2013-3776) - An unspecified denial of service vulnerability exists in the Data Loss Protection feature. This vulnerability only affects Exchange 2013. (CVE-2013-3781) These vulnerabilities can be exploited when a user views a maliciously crafted file in Outlook Web Access in a browser.
last seen2020-06-01
modified2020-06-02
plugin id69326
published2013-08-14
reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/69326
titleMS13-061: Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2876063)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(69326);
  script_version("1.12");
  script_cvs_date("Date: 2018/11/15 20:50:31");

  script_cve_id("CVE-2013-2393", "CVE-2013-3776", "CVE-2013-3781");
  script_bugtraq_id(59129, 61232, 61234);
  script_xref(name:"MSFT", value:"MS13-061");
  script_xref(name:"MSKB", value:"2866475");
  script_xref(name:"MSKB", value:"2873746");
  script_xref(name:"MSKB", value:"2874216");

  script_name(english:"MS13-061: Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2876063)");
  script_summary(english:"Checks version of transcodingservice.exe");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote mail server has multiple vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The version of Microsoft Exchange installed on the remote host uses a
version of the Oracle Outside In libraries, which are affected by the
following vulnerabilities :

  - Two unspecified code execution vulnerabilities exist in
    the WebReady Document Viewing feature of Outlook Web
    Access. (CVE-2013-2393, CVE-2013-3776)

  - An unspecified denial of service vulnerability exists in
    the Data Loss Protection feature.  This vulnerability
    only affects Exchange 2013. (CVE-2013-3781)

These vulnerabilities can be exploited when a user views a maliciously
crafted file in Outlook Web Access in a browser."
  );
  # https://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html#AppendixFMW
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3b00e6f8");
  # https://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html#AppendixFMW
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f2a3b072");
  # https://blogs.technet.microsoft.com/exchange/2013/08/14/exchange-2013-security-update-ms13-061-status-update/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2b287b00");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-061");
  script_set_attribute(
    attribute:"solution",
    value:
"Microsoft has released a set of patches for Exchange 2007 SP3, 2010 SP2
/ SP3, and 2013 CU2 and CU3."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/08/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:exchange_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");

  script_dependencies("ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS13-061';
kbs = make_list(
  '2866475', # 2010 SP3
  '2873746', # 2007 SP3
  '2874216'  # 2010 SP2, 2013 CU1 & CU2
);

if (get_kb_item('Host/patch_management_checks'))
  hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);

get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

version = get_kb_item_or_exit('SMB/Exchange/Version');
sp = int(get_kb_item('SMB/Exchange/SP'));

# bail out if one of the following affected configurations is not seen
if (version != 80 && version != 140 && version != 150) # not 2007, 2010
  audit(AUDIT_INST_VER_NOT_VULN, 'Exchange', version);
else if (version == 80 && sp != 3) # not 2007 SP3
  audit(AUDIT_INST_VER_NOT_VULN, 'Exchange', '2007 SP' + sp);
else if (version == 140 && sp != 2 && sp != 3) # not 2010 SP2 or SP3
  audit(AUDIT_INST_VER_NOT_VULN, 'Exchange', '2010 SP' + sp);
else if (version == 150 && sp != 0) # not 2013 CU1 or CU2 (no SP)
  audit(AUDIT_INST_VER_NOT_VULN, 'Exchange', '2013 SP' + sp);

exch_root = get_kb_item_or_exit('SMB/Exchange/Path', exit_code:1);
if (exch_root[strlen(exch_root) - 1] != "\") # add a trailing backslash if necessary
  exch_root += "\";
share = hotfix_path2share(path:exch_root);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (version == 80 && sp == 3) # 2007 SP3
  kb = '2873746';
else if (version == 140 && sp == 2) # 2010 SP2
  kb = '2874216';
else if (version == 140 && sp == 3) # 2010 SP3
  kb = '2866475';
else if (version == 150) # 2013 CU1 and CU2
  kb = '2874216';

# If Exchange 2013 is installed, make sure it is CU1 or CU2 before continuing
if (version == 150)
{
  exe = exch_root + "Bin\msexchangerepl.exe";
  ret = hotfix_get_fversion(path:exe);
  if (ret['error'] != HCF_OK)
  {
    hotfix_check_fversion_end();
    audit(AUDIT_FN_FAIL, 'hotfix_get_fversion');
  }
  exe_ver = join(ret['value'], sep:'.');

  if (
    exe_ver !~ "^15\.0\.620\." && # 2013 CU1
    exe_ver !~ "^15\.0\.712\."    # 2013 CU2
  )
  {
    hotfix_check_fversion_end();
    audit(AUDIT_INST_VER_NOT_VULN, 'Exchange 2013', exe_ver);
  }
}

ooi_path = exch_root + "ClientAccess\Owa\Bin\DocumentViewing";
file = 'vshwp2.dll';

if (hotfix_is_vulnerable(path:ooi_path, file:file, version:'8.3.7.314', bulletin:bulletin, kb:kb))
{
  set_kb_item(name:'SMB/Missing/' + bulletin, value:TRUE);
  hotfix_security_warning();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}

Oval

accepted2013-10-14T04:00:11.165-04:00
classvulnerability
contributors
  • nameSecPod Team
    organizationSecPod Technologies
  • namePooja Shetty
    organizationSecPod Technologies
definition_extensions
  • commentMicrosoft Exchange Server 2007 SP3 is installed
    ovaloval:org.mitre.oval:def:15784
  • commentMicrosoft Exchange Server 2010 SP2 is installed
    ovaloval:org.mitre.oval:def:14151
  • commentMicrosoft Exchange Server 2010 SP3 is installed
    ovaloval:org.mitre.oval:def:17932
  • commentMicrosoft Exchange Server 2013 Cumulative Update 1 is installed
    ovaloval:org.mitre.oval:def:18838
  • commentMicrosoft Exchange Server 2013 Cumulative Update 2 is installed
    ovaloval:org.mitre.oval:def:18484
descriptionUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-3776.
familywindows
idoval:org.mitre.oval:def:18156
statusaccepted
submitted2013-08-19T11:51:17
titleOracle Outside In Contains Multiple Exploitable Vulnerabilities - CVE-2013-3781 (MS13-061)
version6