MinorRev: Microsoft Security Bulletin MS03-047 - Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack (828489)

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 10/22/03

Next message: Russ: "Re: Issues with MS03-043"

Previous message: Russ: "MinorRev: Microsoft Security Bulletin MS03-046 - Vulnerability in Exchange Server Could Allow Arbitrary Code Execution (829436)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Tue, 21 Oct 2003 22:25:39 -0400
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Reason for Revision:
V1.1 October 21, 2003: Removed unnecessary information from "Deployment"
in the "Exchange Server 5.5 Service Pack 4" section of "Security Patch
Information."

Microsoft Security Bulletin MS03-047:
Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow
Cross-Site Scripting Attack (828489)

Bulletin URL:
http://www.microsoft.com/technet/security/bulletin/MS03-047.asp

Summary:
  Version Number: V1.1
  Revision Date: 10-21-2003
  Impact of Vulnerability: Remote Code Execution
  Maximum Severity Rating: Moderate
  Patch(es) Replaced: None
  Caveats: Customers who have customized any of the ASP pages in the
File Information section in this document should backup those files
before applying this patch as they will be overwritten when the patch is
applied. Any customizations would then need to be reapplied to the new
ASP pages.
  CVE Number(s): CAN-2003-071

Tested Software:
Affected Software:
* Microsoft Exchange Server 5.5, Service Pack 4
<http://www.ntbugtraq.com/link/C516FE75-95CE-4FFF-B83D-9B170FCD0C1C.asp>

Software Not Affected:
* Microsoft Exchange 2000 Server <li>Microsoft Exchange Server 2003

This email is sent to NTBugtraq automatically as a service to my
subscribers. (v2.0)

Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

-----
Marcus Ranum's new book "The Myth of Homeland Security" is now out and
is available from http://www.amazon.com/ranum In this hard-hitting
review of the homeland security business, Ranum shows us how the problem
is vastly harder than it's being made to sound, and how special
interests, *** covering, and bureaucracy are threatening to derail any
chance of making progress.
-----

Next message: Russ: "Re: Issues with MS03-043"

Previous message: Russ: "MinorRev: Microsoft Security Bulletin MS03-046 - Vulnerability in Exchange Server Could Allow Arbitrary Code Execution (829436)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]