The issue is tracked as CVE-2019-6996 and has been assigned the id MMC-19110206. A remote attacker could leverage this vulnerability to crash a server. In order to exploit this issue, an attacker would first have to authenticate with the server. After successfully authenticating, an attacker could send a link to a very large image file. If a user were to click on this link, the server would be crashed due to a memory allocation issue. The crash could be exploited to cause a Denial of Service (DoS). This issue has been resolved in this release.
Overview of the vulnerability
A remote attacker could leverage this vulnerability to crash a server. In order to exploit this issue, an attacker would first have to authenticate with the server. After successfully authenticating, an attacker could send a link to a very large image file. If a user were to click on this link, the server would be crashed due to a memory allocation issue.
Software version information
The software version that fixes the vulnerability is 4.0.8.
Vulnerability Description
A vulnerability in VMware ESXi 5.1 and ESXi 6.0 could allow a remote attacker to crash the server due to a memory allocation issue.
Installing the Update
A remote attacker could leverage this vulnerability to crash a server. In order to exploit this issue, an attacker would first have to authenticate with the server. After successfully authenticating, an attacker could send a link to a very large image file. If a user were to click on this link, the server would be crashed due to a memory allocation issue. To address this issue, please upgrade your systems running Microsoft Exchange Server 2010 Service Pack 3 (SP3) and Microsoft Exchange Server 2013 Service Pack 2 (SP2) version 15.0 up-to-date patches as soon as possible.
Timeline
Published on: 04/13/2022 18:15:00 UTC
Last modified on: 04/21/2022 01:46:00 UTC