• subscribe
Search
Browse By: Author | Issue
August 11, 2004 12:00 AM

Cross-site Scripting and Spoofing Vulnerability in Microsoft Exchange Server 5.5 Service Pack 4 (SP4) with Microsoft Outlook Web Access (OWA)

Ken Pfeil
Windows IT Pro
InstantDoc ID #43653

Reported August 10, 2004, by Microsoft

VERSIONS AFFECTED

  • Microsoft Exchange Server 5.5 Service Pack 4 (SP4) with Microsoft Outlook Web Access (OWA)
     

DESCRIPTION
A cross-site scripting and spoofing vulnerability in Exchange 5.5 SP4 could let an attacker convince an OWA user to run a malicious script. This vulnerability could let an attacker access any data on the OWA server that the user could access.

VENDOR RESPONSE
Microsoft has released bulletin MS04-026, "Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting and Spoofing Attacks (842436)," to address this vulnerability and recommends that affected users apply the appropriate patch listed in the bulletin.

CREDIT
Discovered by Microsoft.



ARTICLE TOOLS

Comments
Add A Comment
    There are no comments to display. Be the first one!
You must log on before posting a comment.

Are you a new visitor? Register Here

© 2012 Penton Media, Inc.

Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.