Make Homepage | Add To Favorites | Print Page | Submit News | Feedback | Contact | 

Your Technical Computer Information Resource!  
     
  Technical Updates @ TACKtech Corp.  

10.15.2003 - MS03-047: Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack (828489)



View Microsoft-Exchange related news. A cross-site scripting (XSS) vulnerability results due to the way that Outlook Web Access (OWA) performs HTML encoding in the Compose New Message form.

An attacker could seek to exploit this vulnerability by having a user run script on the attacker's behalf. The script would execute in the security context of the user. If the script executes in the security context of the user, the attacker's code could then execute by using the security settings of the OWA Web site (or of a Web site that is hosted on the same server as the OWA Web site) and could enable the attacker to access any data belonging to the site where the user has access.

- Download Exchange Server 5.5 SP4 Patch
- View Microsoft Knowledge Base Article - 828489
- View Microsoft Security Bulletin
- View Microsoft End User Security Bulletin
- Visit Microsoft Corporation

NID: 1487 / Submitted by: Travis
Categories: Email Applications, Internet Applications, Microsoft, Patches and Updates, Server Applications
Most recent Microsoft-Exchange related news.
MS09-003 - Critical: Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
MS08-039 - Important: Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)
Microsoft Exchange Hosted Services Directory Synchronization Tool 8.1
Update Rollup 4 for Exchange Server 2007 (KB940006)
MS07-026: Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)
View archive of Microsoft-Exchange related news.

Visit the TACKtech Shop
  Popular Tech News  
  Most Viewed News  
  Top Affiliates  
........