Microsoft Security Response Center

**According to the CVSS metric, the attack vector is network (AV:N), privileges required is high (PR:H) and the user interaction is none (UI:N). How could an attacker exploit this vulnerability?** The attacker who successfully exploited this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated admin, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.

**Is the Preview Pane an attack vector for this vulnerability?** Yes, the Preview Pane is an attack vector.

**According to the CVSS metric, the attack vector is local (AV:L), privileges are required (PR:L) and user interaction is required (UI:R). How could an attacker exploit this security feature bypass vulnerability?** The attack itself is carried out locally by a user with authentication to the targeted system. An authenticated attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer.

**According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of availability (A:H)? What does that mean for this vulnerability?** An attacker could impact availability of the service resulting in "denial of service"\[DOS\].

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited the vulnerability could potentially read User Mode Service Memory.

**According to the CVSS metric, privileges required is high (PR:H). What privileges are needed by the attacker and how are they used in the context of the remote code execution?** To successfully exploit this vulnerability, the attacker must have EdgeUser access. The EdgeUser is the core user used to perform management operations on the DBG device. They can perform actions like modifying network settings, configuring web proxy, configure cloud connectivity, shutdown/restart the appliance and trigger DBG updates via side-load mechanism and even factory reset the appliance (factory reset is an operation which wipes existing data and brings the appliance to a factory default state).

**How could an attacker exploit this vulnerability?** An authenticated attacker could attack a Microsoft Protected Extensible Authentication Protocol (PEAP) Server by sending specially crafted malicious PEAP packets over the network.

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** The attacker must be authenticated to the target site, with the permission to use Manage Lists within SharePoint.

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.