Advisory Details

November 22nd, 2022

Microsoft Exchange MatlabWriter Exposed Dangerous Function Denial-of-Service Vulnerability

ZDI-22-1652
ZDI-CAN-18973

CVE ID CVE-2022-41082
CVSS SCORE 7.6, (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)
AFFECTED VENDORS Microsoft
AFFECTED PRODUCTS Exchange
VULNERABILITY DETAILS

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability.

The specific flaw exists within the MatlabWriter class. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

ADDITIONAL DETAILS Microsoft has issued an update to correct this vulnerability. More details can be found at:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41082
DISCLOSURE TIMELINE
  • 2022-09-29 - Vulnerability reported to vendor
  • 2022-11-22 - Coordinated public release of advisory
CREDIT Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
BACK TO ADVISORIES