<<< Date Index >>>     <<< Thread Index >>>

Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack (Microsoft Security Bulletin MS03-047)




From Microsoft Security Bulletin MS03-047:

A cross-site scripting (XSS) vulnerability results due to the way that Outlook Web Access (OWA) performs HTML encoding in the Compose New Message form.

An attacker could seek to exploit this vulnerability by having a user run script on the attacker's behalf. The script would execute in the security context of the user. If the script executes in the security context of the user, the attacker's code could then execute by using the security settings of the OWA Web site (or of a Web site that is hosted on the same server as the OWA Web site) and could enable the attacker to access any data belonging to the site where the user has access.

To exploit this vulnerability through OWA, an attacker would have to send an e-mail message that has a specially-formed link to the user. The user would then have to click the link. To exploit this vulnerability in another way, an attacker would have to know the name of the user's Exchange server and then entice the user to open a specially-formed link from another source while the user is logged on to OWA.

The full security bulletin can be found at:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-047.asp