Vulnerability Assessment & Network Security Forums



If a vulnerability assessment detects the network security issue described below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.




Vulnerability Assessment Details

Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)

Vulnerability Assessment Summary
Checks for ms06-029 via the registry

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote Web Server contains a script which is vulnerable to script injection
attacks.

Description :

The remote host is running a version of Outlook Web Access that contains
cross-site scripting flaws.

An attacker who exploits this vulnerability could convince a user
to run a malicious script. If this malicious script is run, it would execute
in the security context of the user.
Attempts to exploit this vulnerability require user interaction.

This vulnerability could give an attacker access to any data on the
Outlook Web Access server that was accessible to the individual user.

It may also be possible to exploit the vulnerability to manipulate Web browser caches
and intermediate proxy server caches, and put spoofed content in those caches.

Solution :

Microsoft has released a patch for OWA for Exchange 2000/2003 :

http://www.microsoft.com/technet/security/bulletin/ms06-029.mspx

Network Security Threat Level:

Low / CVSS Base Score : 1.9
(AV:R/AC:H/Au:NR/C:N/I:P/A:N/B:N)

Networks Security ID: 18381

Vulnerability Assessment Copyright: This script is Copyright (C) 2006-2007 Tenable Network Security
