Signature Detail

SMTP: Microsoft Outlook Web Access JavaScript Execution

This signature detects attempts to exploit a known vulnerability against Microsoft Exchange. Attackers can cause Outlook Web Access to allow JavaScript execution if it is called upon to read a maliciously crafted e-mail.

Extended Description

Microsoft Outlook Web Access is prone to a script-injection vulnerability because the application fails to properly handle specially crafted email attachments. To exploit this issue, attackers must send specially crafted files through email messages to users of the affected application. When users open the file, attacker-supplied script code will be executed in the context of the affected website. Successful exploits allow attackers to access Outlook Web Access sessions with the privileges of the targeted user. As a result, attackers may be able to obtain sensitive information and send, modify, or delete email; other attacks are also possible.

Affected Products

• Avaya Messaging Application Server MM 2.0
• Avaya Messaging Application Server MM 3.0
• Avaya Messaging Application Server MM 3.1
• Avaya Messaging Application Server
• Microsoft Exchange Server 2000 SP1
• Microsoft Exchange Server 2000 SP2
• Microsoft Exchange Server 2000 SP3
• Microsoft Exchange Server 2000
• Microsoft Exchange Server 2003 SP1
• Microsoft Exchange Server 2003 SP2
• Microsoft Exchange Server 2003
• Microsoft Outlook Web Access for Exchange 2000 Server
• Microsoft Outlook Web Access for Exchange Server 2003

References

• BugTraq: 23806
• CVE: CVE-2007-0220
• URL: http://www.microsoft.com/technet/security/Bulletin/MS07-026.mspx