Intrusion Prevention



This indicates a possible attempt to exploit a cross-site scripting (XSS) vulnerability in the Microsoft Outlook Web Access (OWA) component in Exchange Server.
The vulnerability is caused by the application's failure to properly validate user-supplied input. Remote attackers may exploit this to inject arbitrary web script or HTML via a crafted email message.

Affected Products

Microsoft Exchange Server 5.5 SP4


System compromise

Recommended Actions

Microsoft has released a critical security update, MS05-029, to fix this vulnerability. Please apply the update.

CVE References