SMTP: Microsoft Exchange OWA Cross-Site-Scripting

This signature detects attempts to exploit a known vulnerability in the Outlook Web Access component of Microsoft Exchange Server. Internet Explorer 6.0 and above are susceptible to HTML code injection and arbitrary image injection (because pages are displayed in the restricted security zone), but earlier versions of IE and other third-party browsers can also execute script. An attacker can carry out the attack by sending a specially crafted HTML e-mail. Depending on the version of the browser, session information from the victim's cookies and other information can be stolen, potentially allowing the attacker to gain access to the victim's e-mails.

Extended Description

Microsoft Exchange Server Outlook Web Access is prone to a script-injection vulnerability. A remote attacker can exploit this issue by sending a malicious email message to a vulnerable user.

Affected Products

Microsoft exchange_server_2003

Short Name: SMTP:OUTLOOK:OWA-XSS
Severity: Minor
Recommended: False
Recommended Action: None
Category: SMTP
Keywords: CVE-2006-1193 Cross-Site-Scripting Exchange Microsoft OWA
Release Date: 06/13/2006
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3727
False Positive: Unknown
Vendors

Microsoft

CVSS Score

2.6
