Full title: Microsoft Exchange Server msExchEcpCanary CSRF / Privilege Escalation Exploit 
Category: local exploits
Platform: windows
Microsoft Exchange Server has a flaw that exists within the HasValidCanary function inside of the Canary15 class. The issue results in an insecure generation of cross site request forgery tokens that can be used to install an office-addins. An attacker can leverage this vulnerability to escalate privileges to an administrative account.

# 0day.today @ http://0day.today/