OSVDB ID: 26441

Title: Microsoft Exchange Server Outlook Web Access HTML Parsing Unspecified XSS

Info

Disclosure

Jun 13, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Exchange Server contains an unspcified Cross Site Scripting flaw in Outlook Web Access that may allow an attacker to execute arbitrary code as a target user with a specially crafted email. No further details have been provided.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Exchange Server	2000 SP3
		2003 SP1
		2003 SP2

References

CERT VU: 138188
Bugtraq ID: 18381
CVE ID: 2006-1193 (see also: NVD)
Secunia Advisory ID: 20634
SCIP VulDB ID: 2312
Microsoft Knowledge Base Article: 912442
VUPEN Advisory: ADV-2006-2326
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0274.html
Other Advisory URL: http://www.sec-consult.com/fileadmin/Advisories/20060613-0_owa_xss_noexploit.txt
Microsoft Security Bulletin: MS06-029
Keyword: SA-20060613-0

Credit

Daniel Fabian - d.fabiansec-consult.com - SEC Consult Unternehmensberatung GmbH

Direct URL: http://osvdb.org/26441

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Exchange Server

References

Credit