Alert: Microsoft Security Bulletin MS03-047 - Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack (828489)
From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 10/16/03
Date: Wed, 15 Oct 2003 19:39:26 -0400
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Bulletin URL:
http://www.microsoft.com/technet/security/bulletin/MS03-047.asp
Summary:
Version Number: V1.0
Revision Date: 10-15-2003
Patch(es) Replaced: None
Caveats: Customers who have customized any of the ASP pages in the
File Information section in this document should back up those files
before applying this patch, as they will be overwritten when the patch is
applied. Any customizations would then need to be reapplied to the new
ASP pages.
CVE Number(s): CAN-2003-071
Tested Software:
Affected Software:
* Microsoft Exchange Server 5.5, Service Pack 4
Software Not Affected:
* Microsoft Exchange 2000 Server
* Microsoft Exchange Server 2003
Technical Description:
A cross-site scripting (XSS) vulnerability results from the way that
Outlook Web Access (OWA) performs HTML encoding in the Compose New
Message form. An attacker could seek to exploit this vulnerability by
having a user run script on the attacker's behalf. The script would
execute in the security context of the user. If the script executes in
the security context of the user, the attacker's code could then execute
by using the security settings of the OWA Web site (or of a Web site
that is hosted on the same server as the OWA Web site) and could enable
the attacker to access any data belonging to the site where the user has
access.

To exploit this vulnerability through OWA, an attacker would
have to send an e-mail message that has a specially-formed link to the
user. The user would then have to click the link. To exploit this
vulnerability in another way, an attacker would have to know the name of
the user's Exchange server and then entice the user to open a
specially-formed link from another source while the user is logged on to
OWA.

Note: Customers who have customized any of the ASP pages in the
File Information section in this document should back up those files
before applying this patch, as they will be overwritten when the patch is
applied. Any customizations would then need to be reapplied to the new
ASP pages. Please refer to the Microsoft Support Policy for the
Customization of Outlook Web Access available at
http://support.microsoft.com/default.aspx?scid=kb;en-us;327178
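As an added example, not code from the bulletin or from OWA itself: the difference between copying a request value into a compose form verbatim and HTML-encoding it first, written in JavaScript (the form field, function names and sample subject are assumed).

```javascript
// Added example (not Microsoft's OWA code): HTML-encoding untrusted values
// before they are placed into a compose form, the defensive pattern behind
// the fix this bulletin describes. Field names are hypothetical.

// Encode the five characters that can break out of HTML text or attributes.
function htmlEncode(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: the request value is copied verbatim into an
// attribute, so any quote or angle bracket in it changes the markup.
function renderComposeFormUnsafe(params) {
  return '<form action="compose.asp" method="post">' +
    '<input name="subject" value="' + params.subject + '">' +
    '</form>';
}

// Hardened pattern: every untrusted value is encoded for its HTML context.
function renderComposeForm(params) {
  return '<form action="compose.asp" method="post">' +
    '<input name="subject" value="' + htmlEncode(params.subject) + '">' +
    '</form>';
}

// Defender's check: the untrusted value must survive as literal text inside
// its attribute, i.e. the first value="..." must hold the encoded string.
function attributeIntact(html, rawValue) {
  const m = html.match(/value="([^"]*)"/);
  return m !== null && m[1] === htmlEncode(rawValue);
}

// Constructed sample: a subject containing quote and angle-bracket
// characters, as a link prefilling the compose form might carry.
const sample = { subject: 'Re: "Q3" <draft> & notes' };
```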
This email is sent to NTBugtraq automatically as a service to my
subscribers. (v2.0)
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
---- NTBugtraq subscribers save $103.00 off the TICSA exam by using promo code "NT1003" when registering to take the TICSA exam at www.2test.com. Prove to your employer and peers that you have the knowledge and abilities to be an active stakeholder in today's enterprise security. Become TICSA certified www.trusecure.com/ticsa. Promotion expires 12/31/03 and cannot be used in combination with other offers. ----