Intrusion Prevention

MS.Exchange.OWA.HTML.Parse.XSS

Description

This indicates an attempt to exploit a cross-site scripting (XSS) vulnerability in the Outlook Web Access (OWA) for Exchange Server.
The vulnerability is a result of incorrectly parsing HTML when opening mail from within OWA. As a result, a remote attacker could run scripts in the security context of the user's OWA session.

Affected Products

Microsoft Exchange Server 2003 SP1 and SP2
Microsoft Exchange Server 2007 and SP1.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply patch, available from the web site.
http://www.microsoft.com/technet/security/Bulletin/MS08-039.mspx

CVE References

CVE-2008-2248