Subscribe to Windows IT Pro
August 11, 2004 12:00 AM

Cross-site Scripting and Spoofing Vulnerability in Microsoft Exchange Server 5.5 Service Pack 4 (SP4) with Microsoft Outlook Web Access (OWA)

Ken Pfeil
Windows IT Pro
InstantDoc ID #43653
Rating: (0)

Reported August 10, 2004, by Microsoft

VERSIONS AFFECTED

  • Microsoft Exchange Server 5.5 Service Pack 4 (SP4) with Microsoft Outlook Web Access (OWA)
     

DESCRIPTION
A cross-site scripting and spoofing vulnerability in Exchange 5.5 SP4 could let an attacker convince an OWA user to run a malicious script. This vulnerability could let an attacker access any data on the OWA server that the user could access.

VENDOR RESPONSE
Microsoft has released bulletin MS04-026, "Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting and Spoofing Attacks (842436)," to address this vulnerability and recommends that affected users apply the appropriate patch listed in the bulletin.

CREDIT
Discovered by Microsoft.

Related Content:

ARTICLE TOOLS

Comments
Add A Comment
    There are no comments to display. Be the first one!
You must log on before posting a comment.

Are you a new visitor? Register Here

advertisement

advertisement

Dev Pro Left-Brain SharePoint Pro SQL Server Pro SuperSite for Windows Windows IT Pro

© 2012 Penton Media, Inc.

Home About Us Advertise Customer Service Privacy Statement Subscribe/Renew Terms Of Use

Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.