Intrusion Prevention



This indicates an attempt to exploit a cross-site scripting (XSS) vulnerability in the Outlook Web Access (OWA) for Exchange Server.
The vulnerability is a result of incorrectly parsing HTML when opening mail from within OWA. As a result, a remote attacker could run scripts in the security context of the user's OWA session.

Affected Products

Microsoft Exchange Server 2003 SP1 and SP2
Microsoft Exchange Server 2007 and SP1.


System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply patch, available from the web site.

CVE References