Microsoft Exchange CVE-2018-8302 Remote Memory Corruption Vulnerability

Bugtraq ID:	104973
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2018-8302
Remote:	Yes
Local:	No
Published:	Aug 14 2018 12:00AM
Updated:	Aug 14 2018 12:00AM
Credit:	Anonymous working with Trend Micro's Zero Day Initiative
Vulnerable:	Microsoft Exchange Server 2016 Cumulative Update 9 0 Microsoft Exchange Server 2016 Cumulative Update 10 0 Microsoft Exchange Server 2013 Cumulative Update 21 0 Microsoft Exchange Server 2013 Cumulative Update 20 0 Microsoft Exchange Server 2010 SP3 Update Rollup 23
Not Vulnerable:

Microsoft Exchange CVE-2018-8302 Remote Memory Corruption Vulnerability

Microsoft Exchange is prone to a remote memory-corruption vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.

Microsoft Exchange CVE-2018-8302 Remote Memory Corruption Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Microsoft Exchange CVE-2018-8302 Remote Memory Corruption Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Microsoft Exchange CVE-2018-8302 Remote Memory Corruption Vulnerability

References:

• Microsoft Homepage (Microsoft)
  
• CVE-2018-8302 | Microsoft Exchange Memory Corruption Vulnerability (Microsoft)