Microsoft Exchange From Deserialization to Post-Auth RCE (CVE-2021-28482)

Database~eb60615b-fc77-44b7-b0e4-a7abf6f7f57e~~2021-05-20T01:48:22
Server~exchange.evil.corp~1942062522~2021-05-19T08:36:11
- AnonymousCalendarProxyRequestHandler
- ComplianceServiceProxyRequestHandler
- EwsAutodiscoverProxyRequestHandler
- MailboxDeliveryProxyRequestHandler
- MapiProxyRequestHandler
- MicroServiceProxyRequestHandler
- MrsProxyRequestHandler
- OabProxyRequestHandler
...
  • Microsoft.Exchange.Clients.Owa2.Server.Web.MeetingPollHandler
  • Microsoft.Exchange.HttpProxy.PsgwProxyRequestHandler
MeetingPollHandler.ProcessRequest() -> MeetingPollProposeOptionsPayload.ProcessRequest()
EntitySerializer.Deserialize<Dictionary<string, ProposeOptionsMeetingPollParameters>>(largeStringProperty);
