Reported August 10, 2004, by Microsoft
VERSIONS AFFECTED
|
DESCRIPTION
A cross-site scripting and spoofing vulnerability in Exchange 5.5 SP4 could let
an attacker convince an OWA user to run a malicious script. This vulnerability
could let an attacker access any data on the OWA server that the user could access.
VENDOR RESPONSE
Microsoft has released
bulletin MS04-026, "Vulnerability in Exchange Server 5.5
Outlook Web Access Could Allow Cross-Site Scripting and Spoofing Attacks
(842436)," to address this vulnerability and recommends that affected
users apply the appropriate patch listed in the bulletin.
CREDIT
Discovered by Microsoft.
0 comments
Hide comments