E20-0yy81
CVSS:
8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
False Positive:
f
Variants:
17
Year:
2020
Description
A remote code execution vulnerability exists in Microsoft Exchange Server due to a hardcoded validation key.
A remote authenticated attacker may send a crafted serialized 'ViewState' object, which gets deserialized on the server to achieve remote code execution as the 'SYSTEM' user.
CVE
References
Metasploit
http://www.zerodayinitiative.com/advisories/ZDI-20-258
Zdi
20-258