MajorRev: Microsoft Security Bulletin MS03-047 - Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack (828489)

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 10/24/03

    Date:         Fri, 24 Oct 2003 09:07:39 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Reason for Revision:
    V2.0 October 22, 2003: Updated to include details of an additional patch
    for languages available through the Outlook Web Access language pack.

    Microsoft Security Bulletin MS03-047:
    Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow
    Cross-Site Scripting Attack (828489)

    Bulletin URL:
    http://www.microsoft.com/technet/security/bulletin/MS03-047.asp

    Summary:
      Version Number: V2.0
      Revision Date: 10-22-2003
      Impact of Vulnerability: Remote Code Execution
      Maximum Severity Rating: Moderate
      Patch(es) Replaced: This patch replaces Microsoft Security Bulletin
    MS01-057.
      Caveats: Customers who have customized any of the ASP pages in the
    File Information section in this document should back up those files
    before applying this patch as they will be overwritten when the patch is
    applied. Any customizations would then need to be reapplied to the new
    ASP pages.
      CVE Number(s): CAN-2003-0712

    Tested Software:
      Affected Software:
      * Microsoft Exchange Server 5.5, Service Pack 4
    <http://www.ntbugtraq.com/link/C516FE75-95CE-4FFF-B83D-9B170FCD0C1C.asp>

      Software Not Affected:
      * Microsoft Exchange 2000 Server
      * Microsoft Exchange Server 2003

    This email is sent to NTBugtraq automatically as a service to my
    subscribers. (v2.0)

    Cheers,
    Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

    
