MS.Exchange.Server.Outlook.Web.Access.Script.Injection
Description
This indicates an attack attempt against a Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server when running Outlook Web Access (OWA), which allows remote attackers to inject arbitrary HTML or web script.
Affected Products
Microsoft Exchange 2000 Server Pack 3 with the August 2004
Exchange 2000 Server Post-Service Pack 3 Update Rollup
Microsoft Exchange Server 2003 Service Pack 1
Microsoft Exchange Server 2003 Service Pack 2
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply patch, available from the web site:
http://www.microsoft.com/technet/security/bulletin/MS06-029.mspx
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |