Alias(es) | Microsoft.Exchange.Server.Outlook.Web.Access.Script.Injection |
Release Date | Oct 17, 2006 |
Severity | high |
Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
Description | This indicates an attack attempt against a Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server when running Outlook Web Access (OWA), which allows remote attackers to inject arbitrary HTML or web script. |
Affected Products | Microsoft Exchange 2000 Server Pack 3 with the August 2004 Exchange 2000 Server Post-Service Pack 3 Update Rollup; Microsoft Exchange Server 2003 Service Pack 1; Microsoft Exchange Server 2003 Service Pack 2 |
Recommended Actions | Apply patch, available from the web site: http://www.microsoft.com/technet/security/bulletin/MS06-029.mspx |
Coverage | IPS, VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2006-1193 |
Reference/s | http://technet.microsoft.com/en-us/security/bulletin/MS06-029.mspx (MS-ID); http://www.securityfocus.com/bid/18381 (BugTraq) |