ZDI-23-1448: Microsoft Exchange SharedTypeResolver Deserialization of Untrusted Data Remote Code Execution Vulnerability

Sept. 19, 2023, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability.

arbitrary code attackers authentication code code execution data deserialization exchange exploit microsoft microsoft exchange remote code remote code execution untrusted vulnerability zdi

Visit resource

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-23-1455: Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability 1 day, 23 hours ago | www.zerodayinitiative.com

attackers disclosure exploit file +14

ZDI-23-1454: Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability 2 days, 23 hours ago | www.zerodayinitiative.com

arbitrary code attackers cobalt code +12

ZDI-23-1453: Ashlar-Vellum Cobalt AR File Parsing Use-After-Free Remote Code Execution Vulnerability 2 days, 23 hours ago | www.zerodayinitiative.com

arbitrary code attackers cobalt code +13

ZDI-23-1452: Ashlar-Vellum Cobalt AR File Parsing Use-After-Free Remote Code Execution Vulnerability 2 days, 23 hours ago | www.zerodayinitiative.com

arbitrary code attackers cobalt code +13

ZDI-23-1450: Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 2 days, 23 hours ago | www.zerodayinitiative.com

arbitrary code attackers cobalt code +12

ZDI-23-1451: Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability 2 days, 23 hours ago | www.zerodayinitiative.com

arbitrary code attackers cobalt code +12

ZDI-23-1449: (0Day) Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability 2 days, 23 hours ago | www.zerodayinitiative.com

0day amp assistant attacker +20

ZDI-23-1446: Microsoft Windows Untrusted Script Execution Remote Code Execution Vulnerability 4 days, 23 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-23-1447: Microsoft Exchange ExFileLog Deserialization of Untrusted Data Denial-of-Service Vulnerability 4 days, 23 hours ago | www.zerodayinitiative.com

attackers authentication data deserialization +8

Business Information Security Officer

@ Metrolink | Los Angeles, CA

View on infosec-jobs.com

Senior Security Engineer

@ Freedom of the Press Foundation | Remote, 4 hour time zone overlap with New York City

View on infosec-jobs.com

Security Engineer

@ ChartMogul | Remote, EU

View on infosec-jobs.com

Senior Threat Engineer

@ Zscaler | Tel Aviv-Yafo, Israel

View on infosec-jobs.com

Information Security Communication Specialist

@ MicroStrategy | Mumbai, India

View on infosec-jobs.com

Principal Software Engineer (Network Security - SASE)

@ Palo Alto Networks | Santa Clara, CA, United States

View on infosec-jobs.com

View more jobs

all InfoSec news

ZDI-23-1448: Microsoft Exchange SharedTypeResolver Deserialization of Untrusted Data Remote Code Execution Vulnerability

More from www.zerodayinitiative.com / ZDI: Published Advisories

Jobs in InfoSec / Cybersecurity

Business Information Security Officer

Senior Security Engineer

Security Engineer

Senior Threat Engineer

Information Security Communication Specialist

Principal Software Engineer (Network Security - SASE)