Signature Detail

SMTP: Microsoft Exchange OWA Cross-Site-Scripting

This signature detects attempts to exploit a known vulnerability against the Outlook Web Access component Microsoft Exchange Server. Versions of Internet Explorer 6.0 and above are susceptible to HTML code injection and arbitrary image injection (due to pages being displayed in the restricted security zone), but earlier versions of IE and other 3rd party browsers can also execute script. By sending a specially crafted HTML e-mail, an attack could take place. Depending on the version of the browser, session information from the victim's cookies and other information can be stolen, potentially allowing the attacker to gain access to the victim's e-mails.

Extended Description

Microsoft Exchange Server Outlook Web Access is prone to a script-injection vulnerability. A remote attacker can exploit this issue by sending a malicious email message to a vulnerable user.

Affected Products

• Microsoft Exchange Server 2000 SP3
• Microsoft Exchange Server 2003 SP1
• Microsoft Exchange Server 2003 SP2

References

• CVE: CVE-2006-1193
• URL: http://www.microsoft.com/technet/security/bulletin/MS06-029.mspx