MS.Outlook.Web.Access.Remote.Script.Injection

Description

Microsoft Outlook Web Access has a script injection vulnerability caused by the application's failure to properly handle specially crafted email attachments.
To exploit it, an attacker must send a specially crafted file by email to a user of the affected application. When the user opens the file, the attacker-supplied script code is executed in the context of the affected system.
The vulnerability allows attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments.

Affected Products

Microsoft Outlook Web Access for Exchange 2003 Server
Microsoft Outlook Web Access for Exchange 2000 Server
Microsoft Exchange Server 2003 SP2
Microsoft Exchange Server 2003 SP1
Microsoft Exchange Server 2003
Microsoft Exchange Server 2000 SP3
Microsoft Exchange Server 2000 SP2
Microsoft Exchange Server 2000 SP1
Microsoft Exchange Server 2000
Avaya Messaging Application Server MM 3.1
Avaya Messaging Application Server MM 3.0
Avaya Messaging Application Server MM 2.0
Avaya Messaging Application Server 0

Impact

Arbitrary script execution.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2021-01-11 16.995