MS.Exchange.Server.Outlook.Web.Access.HTML.Injection
Description
This indicates a possible attempt to exploit a cross-site scripting (XSS) vulnerability in the Microsoft Outlook Web Access (OWA) component in Exchange Server.
The vulnerability is caused by the application's failure to properly validate user-supplied input. Remote attackers may exploit this to inject arbitrary web script or HTML via a crafted email message.
Affected Products
Microsoft Exchange Server 5.5 SP4
Impact
System compromise
Recommended Actions
Microsoft has released a critical security update, MS05-029, to fix this vulnerability. Please apply the update.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |