Family: Windows : Microsoft Bulletins --> Category: infos
Vulnerability in Exchange Server 5.5 Outlook Web Access XSS (842436) Vulnerability Scan
Vulnerability Scan Summary
Checks for ms04-026 via the registry
Detailed Explanation for this Vulnerability Test
The remote web server runs a script vulnerable to cross-site scripting.
The remote host runs Outlook Web Access.
Outlook Web Access is a service for Microsoft Exchange, which provides
web-based email, calendaring and contact management to end users.
The remote version of Outlook Web Access is vulnerable to a cross-site
scripting vulnerability which may allow an attacker to execute arbitrary
JavaScript in the security context of a victim using this service.
To exploit this flaw, an attacker would need to send a specially crafted
message to a victim using Outlook Web Access. When the victim reads the
message, the bug in Outlook Web Access triggers and causes the execution
of the script sent by the attacker.
Microsoft has released a set of patches for OWA for Exchange 5.5 :
Low / CVSS Base Score : 3