Public exploits available
On this page
This is a cross-site scripting vulnerability in the affected versions of Outlook Web Access (OWA) for Exchange Server. Exploitation of the vulnerability could lead to elevation of privilege on individual OWA clients connecting to Outlook Web Access for Exchange Server. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted e-mail that would run malicious script from within an individual OWA client. If the malicious script is executed, the script would run in the security context of the user’s OWA session and could perform any action the user could perform such as reading, sending, and deleting e-mail as the logged-on user.
An attacker could attempt to exploit this vulnerability by convincing a user to open a specially crafted e-mail message via an individual client’s OWA session. The message could then cause malicious script to run on the individual client’s system in the context of the user’s OWA session.
Technical details (analysis)
Cross-site scripting (XSS) is a security vulnerability that could enable an attacker to "inject" code into a user's session with a Web site. Unlike most security vulnerabilities, XSS does not apply to any single vendor's products–instead, it can affect any software that generates HTML and that does not follow defensive programming practices.The vulnerability is a result of Outlook Web Access for Exchange Server not sufficiently validating e-mail fields when opening mail from within an individual client’s OWA session. An attacker could use this vulnerability in Outlook Web Access for Exchange Server to run malicious script on an individual user’s system in the context of the user’s OWA session. The attacker could then perform OWA actions as the logged-on user, such as reading, sending, or deleting e-mail as the logged-on user.
Microsoft Exchange Server 2003 Service Pack 2
Microsoft Exchange Server 2007
Microsoft Exchange Server 2007 Service Pack 1
Microsoft Exchange Server 2000 Service Pack 3
Release Date: 2008-08-16T00:00:00
Known false positives
No known false positives at this time.
Microsoft has not identified any workarounds for this vulnerability.