Summary
This host is missing a critical security update according to Microsoft Bulletin MS08-039.
Impact
Successful exploitation leads to arbitrary HTML and script code execution in a user's browser session in the context of the affected system.
Impact Level: SYSTEM
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes mentioned in the advisory at the link below.
http://www.microsoft.com/technet/security/bulletin/ms08-039.mspx
Insight
The flaws are due to insufficient validation of certain e-mail fields and HTML in e-mail messages.
Affected
Microsoft Exchange Server (2003 and 2007) on Windows (2K and 2003).
References
Severity
Classification
CVE: CVE-2008-2247, CVE-2008-2248
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Microsoft Outlook Information Disclosure Vulnerability (2894514)
- Microsoft Products HTML Sanitisation Component XSS Vulnerability (2741517)
- Microsoft SQL Server Elevation of Privilege Vulnerability (2984340)
- Microsoft Windows SAMR Protocol Security Bypass Vulnerability (2934418)
- Flaw in SMB Signing Could Enable Group Policy to be Modified (329170)