MS.Exchange.Server.OWA.Script.Injection
Description
It indicates a possible exploit of Cross-Site Scripting in Microsoft Outlook Web Access that may allow remote attackers to insert script or HTML via an email message.Such script could be used to steal session information from the victims cookies, and thus enable the attacker to get access to the victim's emails.
Affected Products
Microsoft Exchange Server 2003 SP2
Microsoft Exchange Server 2003 SP1
Microsoft Exchange Server 2000 SP3
Impact
Stealing cookies based information.
Recommended Actions
Microsoft Exchange Server 2003 SP1
* Microsoft Security Update for Exchange Server 2003 SP1 (KB912442)
http://www.microsoft.com/downloads/details.aspx?familyid=0E192781-847F -41C1-B32A-84218DB60942&displaylang=en
Microsoft Exchange Server 2000 SP3
* Microsoft Security Update for Exchange 2000 Server (KB912442)
http://www.microsoft.com/downloads/details.aspx?familyid=746CE64E-3186 -422B-A13B-004E7942189B&displaylang=en
Microsoft Exchange Server 2003 SP2
* Microsoft Security Update for Exchange Server 2003 SP2 (KB912442)
http://www.microsoft.com/downloads/details.aspx?familyid=C777BC9F-52B7 -4F17-96C7-DAF3B9987D70&displaylang=en
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-12-11 | 16.978 |