MS.Exchange.OWA.HTML.Parse.XSS
Description
This indicates an attempt to exploit a cross-site scripting (XSS) vulnerability in the Outlook Web Access (OWA) for Exchange Server.
The vulnerability is a result of incorrectly parsing HTML when opening mail from within OWA. As a result, a remote attacker could run scripts in the security context of the user's OWA session.
Affected Products
Microsoft Exchange Server 2003 SP1 and SP2
Microsoft Exchange Server 2007 and SP1.
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply patch, available from the web site.
http://www.microsoft.com/technet/security/Bulletin/MS08-039.mspx
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |