A combination of a server-side request forgery vulnerability and an arbitrary file write vulnerability, allows unauthenticated attackers to execute commands with SYSTEM privileges in Microsoft Exchange Server.
This update adds several parameters for module flexibility; more log verbosity on errors and fixes a bug when using autodiscover to retrieve email SID.
This update adds several parameters for module flexibility; more log verbosity on errors and fixes a bug when using autodiscover to retrieve email SID.
CVE Link
Exploit Platform
Exploit Type
Product Name