26441 : Microsoft Exchange Server Outlook Web Access HTML Parsing Unspecified XSS
Printer | http://osvdb.org/26441 | Email This | Edit Vulnerability

Views This Week

Views All Time

Info

Last Modified

8 months ago

Percent Complete

100%

Disclosure

Jun 13, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Exchange Server contains an unspcified Cross Site Scripting flaw in Outlook Web Access that may allow an attacker to execute arbitrary code as a target user with a specially crafted email. No further details have been provided.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Exchange Server	2000 SP3
		2003 SP1
		2003 SP2

References

CERT VU: 138188
Bugtraq ID: 18381
CVE ID: 2006-1193 (see also: NVD)
Secunia Advisory ID: 20634
Microsoft Knowledge Base Article: 912442
FrSIRT Advisory: ADV-2006-2326
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0274.html
Other Advisory URL: http://www.sec-consult.com/fileadmin/Advisories/20060613-0_owa_xss_noexploit.txt
Microsoft Security Bulletin: MS06-029
Keyword: SA-20060613-0

Tools & Filters

Nessus	21695

Credit

Daniel Fabian - d.fabiansec-consult.com - SEC Consult Unternehmensberatung GmbH

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Exchange Server

References

Tools & Filters

Credit

Blogs

Comments