Microsoft Corporation Information for VU#959313

Oracle Outside In OS/2 Metafile parser stack buffer overflow

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://technet.microsoft.com/en-us/security/bulletin/ms13-105

Addendum

Microsoft Exchange 2007, 2010, and 2013 use Oracle Outside In for its WebReady document viewing feature. By viewing a document with OWA WebReady, arbitrary code may execute on the Exchange server. Please see Microsoft Security Bulletin MS13-105 for updates. Microsoft FAST Search Server 2010 for SharePoint Parsing also uses Oracle Outside In.

If you have feedback, comments, or additional information about this vulnerability, please send us email.