Intrusion PreventionMS.Exchange.Server.OWA.Script.Injection
Description
It indicates a possible exploit of Cross-Site Scripting in Microsoft Outlook Web Access that may allow remote attackers to insert script or HTML via an email message.Such script could be used to steal session information from the victims cookies, and thus enable the attacker to get access to the victim's emails.
Affected Products
Microsoft Exchange Server 2003 SP2
Microsoft Exchange Server 2003 SP1
Microsoft Exchange Server 2000 SP3
Impact
Stealing cookies based information.
Recommended Actions
Microsoft Exchange Server 2003 SP1
* Microsoft Security Update for Exchange Server 2003 SP1 (KB912442)
http://www.microsoft.com/downloads/details.aspx?familyid=0E192781-847F -41C1-B32A-84218DB60942&displaylang=en
Microsoft Exchange Server 2000 SP3
* Microsoft Security Update for Exchange 2000 Server (KB912442)
http://www.microsoft.com/downloads/details.aspx?familyid=746CE64E-3186 -422B-A13B-004E7942189B&displaylang=en
Microsoft Exchange Server 2003 SP2
* Microsoft Security Update for Exchange Server 2003 SP2 (KB912442)
http://www.microsoft.com/downloads/details.aspx?familyid=C777BC9F-52B7 -4F17-96C7-DAF3B9987D70&displaylang=en
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2020-12-11 | 16.978 |
| ID | 13232 |
| Created | Oct 10, 2006 |
| Updated | Nov 15, 2021 |
| Risk |
|
| CVE ID | CVE-2006-1193 |
| Exploit Prediction Score | 96.63% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | MS_Exchange |