1-800-691-1991 | 9am - 8pm ET

Veeam Explorer for Microsoft Exchange Javascript Execution Vulnerability


The vulnerability allows execution of arbitrary code in emails containing inline Javascript.

NOTE: This has been corrected in Veeam Backup for MIcrosoft Office 365 version 3 and Veeam Backup & Replication version U4a.


The affected component is Veeam Explorer for Microsoft Exchange message preview browser. Email content is rendered using HTML browser and if an email contains inline Javascript, the embedded script may be executed.


1)    Download the hotfix ZIP package;
2)    Navigate to the corresponding folder according to the product you want to apply the hotfix to;
3)    On each machine where Veeam Explorer for Exchange is installed, navigate to C:\Program Files\Veeam\Backup and Replication\ExchangeExplorer and make a backup of the following files by copying them to another folder:
  • BlockedFileTypes.xml
  • Veeam.Exchange.Explorer.exe
4)    Copy the following files from the hotfix package to C:\Program Files\Veeam\Backup and Replication\ExchangeExplorer:
  • BlockedFileTypes.xml
  • Veeam.Exchange.Explorer.exe
  • HtmlAgilityPack.dll

More information


MD5 checksum for is 3e8db48b1c9dbc1034f0dbd75c3aadfd

Should you have any questions, contact Veeam Support.
Veeam Backup for Microsoft Office 365, Veeam Backup & Replication
Version:, 1.5.1309, 2.0.x
Last Modified:
Please rate how helpful this article was to you:
5 out of 5 based on 1 ratings
Thank you for helping us improve!
An error occurred during voting. Please try again later.

Couldn't find what you were looking for?

Below you can submit an idea for a new knowledge base article.
Report a typo on this page:

Please select a spelling error or a typo on this page with your mouse and press CTRL + Enter to report this mistake to us. Thank you!

Spelling error in text

Knowledge base content request
By submitting, you agree that your personal data will be managed by Veeam in accordance with the Privacy Policy.

ty icon

Thank you!

We have received your request and our team will reach out to you shortly.


error icon

Oops! Something went wrong.

Please go back try again later.