Home / bulletins MS12-058 - Critical : Vulnerabilities in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution (2740358) - Version: 2.0
Posted on 10 October 2012
There is an newer version: MS12-058 - Version: 2.2
CriticalSeverity Rating: Critical
Revision Note: V2.0 (October 9, 2012): Revised bulletin to offer the rerelease of updates for Microsoft Exchange Server 2007 Service Pack 3 (KB2756497), Microsoft Exchange Server 2010 Service Pack 1 (KB2756496), and Microsoft Exchange Server 2010 Service Pack 2 (KB2756485). Customers need to apply the rereleased updates to avoid an issue with digital certificates described in Microsoft Security Advisory 2749655.
Summary: This security update resolves publicly disclosed vulnerabilities in Microsoft Exchange Server WebReady Document Viewing. The vulnerabilities could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA). The transcoding service in Exchange that is used for WebReady Document Viewing is running in the LocalService account. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network.Other versions
- MS12-058 - Version: 1.0
- MS12-058 - Version: 2.0
- MS12-058 - Version: 2.1
- MS12-058 - Version: 2.2
