Intrusion Prevention

MS.Exchange.Server.Outlook.Web.Access.HTML.Injection

Description

This indicates a possible attempt to exploit a cross-site scripting (XSS) vulnerability in the Microsoft Outlook Web Access (OWA) component in Exchange Server.
The vulnerability is caused by the application's failure to properly validate user-supplied input. Remote attackers may exploit this to inject arbitrary web script or HTML via a crafted email message.

Affected Products

Microsoft Exchange Server 5.5 SP4

Impact

System compromise

Recommended Actions

Microsoft has released a critical security update, MS05-029, to fix this vulnerability. Please apply the update.

CVE References

CVE-2005-0563