Outlook Web Access for Exchange Server Elevation of Privilege (953747)

Summary
This host is missing critical security update according to Microsoft Bulletin MS08-039.
Impact
Successful execution of exploit leads to arbitrary HTML and acript code execution in a user's browser session in the context of affected system. Impact Level : SYSTEM
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/bulletin/ms08-039.mspx
Insight
The flaws are due to insufficient validation of certain e-mail fields and HTML in e-mail messages.
Affected
Microsoft Exchange Server (2003 and 2007) on Windows (2K and 2003).
References