https://login.veeam.com/en/oauth?client_id=nXojRrypJ8&redirect_uri=https%3A%2F%2Fwww.veeam.com%2Fservices%2Fauthentication%2Fredirect_url&response_type=code&scope=profile&state=eyJmaW5hbFJlZGlyZWN0TG9jYXRpb24iOiJodHRwczovL3d3dy52ZWVhbS5jb20va2IyODQ3IiwiaGFzaCI6ImY2Mjk1NWY0LTYxZDAtNGU2Ny04ZTg2LTJlZDc2MzgzNDkzOSJ9
1-800-691-1991 | 9am - 8pm ET
EN

Veeam Explorer for Microsoft Exchange Javascript Execution Vulnerability

Challenge

The vulnerability allows execution of arbitrary code in emails containing inline Javascript.

NOTE: This has been corrected in Veeam Backup for MIcrosoft Office 365 version 3 and Veeam Backup & Replication version U4a.
 

Cause

The affected component is Veeam Explorer for Microsoft Exchange message preview browser. Email content is rendered using HTML browser and if an email contains inline Javascript, the embedded script may be executed.
 

Solution

1)    Download the hotfix ZIP package;
2)    Navigate to the corresponding folder according to the product you want to apply the hotfix to;
3)    On each machine where Veeam Explorer for Exchange is installed, navigate to C:\Program Files\Veeam\Backup and Replication\ExchangeExplorer and make a backup of the following files by copying them to another folder:
  • BlockedFileTypes.xml
  • Veeam.Exchange.Explorer.exe
4)    Copy the following files from the hotfix package to C:\Program Files\Veeam\Backup and Replication\ExchangeExplorer:
  • BlockedFileTypes.xml
  • Veeam.Exchange.Explorer.exe
  • HtmlAgilityPack.dll

More information

DOWNLOAD HOTFIX



MD5 checksum for kb2847.zip is 3e8db48b1c9dbc1034f0dbd75c3aadfd

Should you have any questions, contact Veeam Support.
KB ID:
2847
Product:
Veeam Backup for Microsoft Office 365, Veeam Backup & Replication
Version:
9.5.0.1922, 1.5.1309, 2.0.x
Published:
2018-12-24
Last Modified:
2020-08-13
Please rate how helpful this article was to you:
5 out of 5 based on 1 ratings
Thank you for helping us improve!
An error occurred during voting. Please try again later.

Couldn't find what you were looking for?

Below you can submit an idea for a new knowledge base article.
Report a typo on this page:

Please select a spelling error or a typo on this page with your mouse and press CTRL + Enter to report this mistake to us. Thank you!

Spelling error in text

Knowledge base content request
By submitting, you agree that your personal data will be managed by Veeam in accordance with the Privacy Policy.
Your report was sent to the responsible team. Our representative will contact you by email you provided.
We're working on it please try again later