Signature Detail

SMTP: Cross Site Script Attack URL in Email

This signature detects URLs within an e-mail that contains possible Cross-site scripting attacks. Many Web servers, including Microsoft Exchange OWA, are vulnerable to this attack. Successful attacks can allow the attacker to gain control over the user's system.

Extended Description

It has been reported that Microsoft Exchange Server Outlook Web Access is prone to a cross-site scripting vulnerability. The issue is reported to exist due insufficient sanitization of user-supplied data in HTML encoding performed by Compose New Message form. The problem may allow a remote attacker to execute HTML or script code in the browser of a user running the vulnerable software. Successful exploitation of this attack may allow an attacker to steal cookie-based authentication information that could be used to launch further attacks.

Affected Products

• Microsoft Exchange Server 5.5
• Microsoft Exchange Server 5.5 SP1
• Microsoft Exchange Server 5.5 SP2
• Microsoft Exchange Server 5.5 SP3
• Microsoft Exchange Server 5.5 SP4

References

• BugTraq: 8832
• CVE: CVE-2004-0203
• URL: http://www.windowsitpro.com/Article/ArticleID/43653/43653.html?Ad=1
• URL: http://www.microsoft.com/technet/security/Bulletin/MS04-026.mspx