Technical Documentation

Security Center

Microsoft Security Bulletins: Prior Updates August 2004

2005 |August |July |June |May |April |March |February |January
2004 |December |November |October |September |August |July |June |May |April |March |February |January
2003 |December |November |October

August 2004

Microsoft Security Bulletin MS04-026

Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting and Spoofing Attacks (842436)

Severity: Moderate
Vulnerabilities:
  • Cross-site and Spoofing Vulnerability - CAN-2004-0203
    This is a cross-site scripting and spoofing vulnerability. The cross-site scripting vulnerability could allow an attacker to convince a user to run a malicious script. If this malicious script is run, it would execute in the security context of the user. Attempts to exploit this vulnerability require user interaction. This vulnerability could allow an attacker access to any data on the Outlook Web Access server that was accessible to the individual user.