Msrc Microsoft Exchange Server 2010 Service Pack 3 vulnerabilities

CVE-2021-26857 [CRITICAL] Microsoft Exchange Server Remote Code Execution Vulnerability Microsoft Exchange Server Remote Code Execution Vulnerability FAQ: Is this vulnerability being used in an active attack? Yes. The vulnerability described in this CVE is one of four vulnerabilities that are being exploited in an active attack. The security updates address this attack. More information can be found here: https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange

CVE-2019-1136 [HIGH] Microsoft Exchange Server Elevation of Privilege Vulnerability Microsoft Exchange Server Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as any other user of the Exchange server. This could allow the attacker to perform activities such as accessing the mailboxes of other users. Exploitation of this vulnerability

CVE-2019-1084 [MEDIUM] Microsoft Exchange Information Disclosure Vulnerability Microsoft Exchange Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by vali

CVE-2019-0817 [MEDIUM] Microsoft Exchange Spoofing Vulnerability Microsoft Exchange Spoofing Vulnerability Description: A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information. An attacker could also redirect the user to a malicious website that could

CVE-2010-3190 [CRITICAL] MFC Insecure Library Loading Vulnerability MFC Insecure Library Loading Vulnerability Description: A remote code execution vulnerability exists in the way that certain applications built using Microsoft Foundation Classes (MFC) handle the loading of DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full

CVE-2017-8621 [MEDIUM] Microsoft Exchange Open Redirect Vulnerability Microsoft Exchange Open Redirect Vulnerability Description: An open redirect vulnerability exists in Microsoft Exchange that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL, and convince the user to click the link. When an authenticated Exchange user clicks the link, the authenticated user's browser session could be redirected to a malicious site that is des

CVE-2016-0138 [MEDIUM] Microsoft Outlook Information Disclosure Vulnerability Microsoft Outlook Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in the way that Microsoft Exchange Server parses email messages. The vulnerability could allow an attacker to discover confidential user information that is contained in Microsoft Outlook applications. To exploit the vulnerability, an attacker could use "send as" rights to send a specially crafted message