Skip navigation
Menu
Collaboration>Email and Calendaring

Script Execution Vulnerability in Microsoft Exchange Outlook Web Access

Reported June 08, 2001, by Microsoft.

VERSIONS AFFECTED

 

  • Microsoft Exchange 2000 Server using Outlook Web Access

  • Microsoft Exchange 5.5 Server using Outlook Web Access

  • Microsoft Internet Explorer

 

DESCRIPTION
A flaw exists in the interaction between Microsoft Exchange Server Outlook Web Access (OWA) and Microsoft Internet Explorer (IE) with message attachments. If an attachment contains HTML code that includes script, the script will execute when the user opens the attachment, regardless of the attachment type. Because OWA requires that the user enable scripting in the zone where the OWA server is located, this script can take action against the user’s Exchange mailbox as if the script were the user, including modifying and manipulating messages.

 

 

VENDOR RESPONSE

The vendor, Microsoft, has acknowledged this vulnerability and recommends that users immediately apply the patch mentioned in Security Bulletin MS01-030. 

 

CREDIT
Discovered by Joao Gouveia.

TAGS: Security
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
zoom logo
Zoom Releases New AI-Powered Collaboration Platform—Zoom Workspace—Plus Other Updates
Mar 26, 2024
person working from home using smart phone and notebook computer
Monitoring Employee Productivity, Balance Surveillance with Transparency
Jan 03, 2024
zoom logo on screens of laptop and smartphone device.jpg
At Zoomtopia, Small Businesses Share Transformation Stories
Oct 12, 2023
zoom logo
Zoom Unveils Docs, Upgrades Contact Center Offerings
Oct 03, 2023