[32085] in bugtraq
Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow
daemon@ATHENA.MIT.EDU (Ory Segal)
Thu Oct 16 13:01:30 2003
Message-ID: <3F8E8D4A.70402@sanctuminc.com>
Date: Thu, 16 Oct 2003 14:21:30 +0200
From: Ory Segal <ory.segal@sanctuminc.com>
MIME-Version: 1.0
To: BUGTRAQ@securityfocus.com, webappsec@securityfocus.com,
news@securiteam.com
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
From Microsoft Security Bulletin MS03-047:
A cross-site scripting (XSS) vulnerability results due to the way that
Outlook Web Access (OWA) performs HTML encoding in the Compose New
Message form.
An attacker could seek to exploit this vulnerability by having a user
run script on the attacker's behalf. The script would execute in the
security context of the user. If the script executes in the security
context of the user, the attacker's code could then execute by using the
security settings of the OWA Web site (or of a Web site that is hosted
on the same server as the OWA Web site) and could enable the attacker to
access any data belonging to the site where the user has access.
To exploit this vulnerability through OWA, an attacker would have to
send an e-mail message that has a specially-formed link to the user. The
user would then have to click the link. To exploit this vulnerability in
another way, an attacker would have to know the name of the user's
Exchange server and then entice the user to open a specially-formed link
from another source while the user is logged on to OWA.
The full security bulletin can be found at:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-047.asp
