Microsoft Forefront Security for Exchange Server 2010 Mail code injection
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.7 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in Microsoft Forefront Security for Exchange Server 2010 and classified as critical. This affects an unknown part of the component Mail Handler. Performing a manipulation results in code injection. This vulnerability is reported as CVE-2014-0294. No exploit exists. To fix this issue, it is recommended to deploy a patch.
Details
A vulnerability classified as critical has been found in Microsoft Forefront Security for Exchange Server 2010. This affects an unknown part of the component Mail Handler. The manipulation with an unknown input leads to a code injection vulnerability. CWE is classifying the issue as CWE-94. The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
Microsoft Forefront Protection 2010 for Exchange Server does not properly parse e-mail content, which might allow remote attackers to execute arbitrary code via a crafted message, aka "RCE Vulnerability."
The weakness was disclosed 02/11/2014 with Microsoft as MS14-008 as confirmed bulletin (Technet). It is possible to read the advisory at technet.microsoft.com. This vulnerability is uniquely identified as CVE-2014-0294 since 12/03/2013. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1059 according to MITRE ATT&CK.
The vulnerability scanner Nessus provides a plugin with the ID 72431 (MS14-008: Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution (2927022)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins. The commercial vulnerability scanner Qualys is able to test this issue with plugin 90941 (Microsoft Forefront Protection for Exchange Remote Code Execution Vulnerability (MS14-008)).
Applying the patch MS14-008 is able to eliminate this problem. The bugfix is ready for download at technet.microsoft.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (90790), Tenable (72431), SecurityFocus (BID 65397†), OSVDB (103161†) and Secunia (SA56788†). Further details are available at zdnet.com. The entries VDB-12238, VDB-12239, VDB-12240 and VDB-12241 are pretty similar. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.microsoft.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 10.0VulDB Meta Temp Score: 8.7
VulDB Base Score: 10.0
VulDB Temp Score: 8.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Code injectionCWE: CWE-94 / CWE-74 / CWE-707
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 72431
Nessus Name: MS14-008: Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution (2927022)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 903431
OpenVAS Name: Microsoft Forefront Protection For Exchange RCE Vulnerability (2927022)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: MS14-008
Timeline
12/03/2013 🔍02/11/2014 🔍
02/11/2014 🔍
02/11/2014 🔍
02/11/2014 🔍
02/11/2014 🔍
02/11/2014 🔍
02/12/2014 🔍
02/12/2014 🔍
02/12/2014 🔍
01/09/2025 🔍
Sources
Vendor: microsoft.comAdvisory: MS14-008
Organization: Microsoft
Status: Confirmed
CVE: CVE-2014-0294 (🔍)
GCVE (CVE): GCVE-0-2014-0294
GCVE (VulDB): GCVE-100-12267
OVAL: 🔍
IAVM: 🔍
X-Force: 90790 - Microsoft Forefront remote code execution, High Risk
SecurityFocus: 65397 - Microsoft Forefront Protection for Exchange Server CVE-2014-0294 Remote Code Execution Vulnerability
Secunia: 56788 - Microsoft Forefront Protection for Exchange Mail Content Parsing Code Execution Vulnerabil, Highly Critical
OSVDB: 103161
SecurityTracker: 1029744
Vulnerability Center: 43211 - [MS14-008] Microsoft Forefront Protection for Exchange Server Remote Code Execution Vulnerability, Critical
Misc.: 🔍
See also: 🔍
Entry
Created: 02/12/2014 15:11Updated: 01/09/2025 21:24
Changes: 02/12/2014 15:11 (47), 05/20/2017 10:36 (39), 06/09/2021 14:10 (3), 06/09/2021 14:12 (1), 12/22/2024 00:48 (16), 01/09/2025 21:24 (1)
Complete: 🔍
Cache ID: 216:44A:103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.