tags:fuzzingafljackalopeexchangesupply_chainuafOOB_readOOB_write original link: Hacking Exchange from the Outside In newsletter link: exploits.club Weekly Newsletter 18
Exploits Club Summary:
Sticking with the Microsoft Theme, Atredis released a blog post this week digging into Oracleâs âOutside inâ libraries. These libraries were used in Microsoft Exchange 2019 up until a few months ago, and were used to parse specific file types if an attachment inspection mail flow had been enabled. The write-up digs into the fuzzing set-up using AFL and Jackalope, before providing a crash-dump of the teams 3 finds (UAF, OOB read, OOB write)