Specially Formed Script in HTML Mail Can Execute in Exchange 5.5 OWA

Microsoft has released a patch for Exchange Server 5.5 to fix an Outlook Web Access (OWA) problem in which special script in an HTML-format message could execute and perform operations on the user's Exchange mailbox when the user opens the message. This patch is suitable only for OWA servers running Internet Explorer (IE) 5.0 or later. Because no full set of security patches exists for IE 5.0, Microsoft recommends that companies with earlier versions of IE upgrade their OWA servers to either IE 5.5 Service Pack 2 (SP2) or IE 6.0.


Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.