A deserialization vulnerability exists in the Microsoft Exchange MeetingPollProposeOptionsPayload.GetRequests() method. The method can be triggered with an HTTP request, and with a specially crafted XML payload it can lead to OS command execution in the context of the w3wp.exe process, which has SYSTEM-level privileges.
The XML payload is a .NET serialized object that uses the DataContractSerializer formatter. It may contain the ObjectDataProvider chain from YSoSerial.NET, although other chains can be used. The payload needs to be crafted to be compatible with the way in which Exchange deserializes it.
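For detection, a request-body check can flag XML that names gadget types such as the ObjectDataProvider chain mentioned above. The following is an added example, not code from the original page or from Exchange: the marker list beyond ObjectDataProvider is an assumption, and the sample bodies are constructed, non-functional fragments.

```python
import xml.etree.ElementTree as ET

# Assumed marker list: only ObjectDataProvider comes from the page; the other
# names are types often seen in .NET gadget chains. Tune for your environment.
MARKERS = ("ObjectDataProvider", "ExpandedWrapper", "XamlReader",
           "System.Diagnostics.Process")

XSI = "http://www.w3.org/2001/XMLSchema-instance"
DC = "http://schemas.datacontract.org/2004/07/System.Windows.Data"

# Constructed sample bodies (not captured traffic, not working payloads).
BENIGN = "<Poll><Subject>Team sync</Subject><Option>10:00</Option></Poll>"
SUSPECT = (f'<root xmlns:i="{XSI}" xmlns:a="{DC}" '
           'i:type="a:ObjectDataProvider"/>')
# Same type name with its first letter written as a character reference.
ENCODED = (f'<root xmlns:i="{XSI}" xmlns:a="{DC}" '
           'i:type="a:&#79;bjectDataProvider"/>')


def scan_body(body: str) -> list[str]:
    """Return the sorted reasons an XML request body deserves review."""
    if "<!DOCTYPE" in body.upper():
        # Do not parse DTDs from untrusted input (entity expansion risk).
        return ["doctype"]
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        # Not well-formed XML: fall back to a plain substring search.
        return sorted(f"raw:{m}" for m in MARKERS if m in body)
    hits = set()
    for el in root.iter():
        # Parsing resolves character references, so encoded names are
        # compared in decoded form and a raw substring match is not relied on.
        fields = [el.tag, el.text or "", *el.attrib.values()]
        for m in MARKERS:
            if any(m in f for f in fields):
                hits.add(f"type:{m}")
    return sorted(hits)


if __name__ == "__main__":
    for name, body in (("benign", BENIGN), ("suspect", SUSPECT),
                       ("encoded", ENCODED)):
        print(name, scan_body(body))
```

A match is a triage signal rather than proof of exploitation, since other chains can be used and would need their own markers.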