Outlook Web Access For Exchange Server Elevation Of Privilege (953747) Network Vulnerability

Summary

This host is missing critical security update according to Microsoft Bulletin MS08-039.

Impact

Successful execution of exploit leads to arbitrary HTML and acript code execution in a user's browser session in the context of affected system. Impact Level : SYSTEM

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/bulletin/ms08-039.mspx

Insight

The flaws are due to insufficient validation of certain e-mail fields and HTML in e-mail messages.

Affected

Microsoft Exchange Server (2003 and 2007) on Windows (2K and 2003).

References

http://securitytracker.com/alerts/2008/Jul/1020439.html
http://www.microsoft.com/technet/security/bulletin/ms08-039.mspx
http://xforce.iss.net/xforce/xfdb/43328

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-2247, CVE-2008-2248

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Microsoft SharePoint Multiple Privilege Elevation Vulnerabilities (2695502)
Microsoft .NET Framework Chart Control Information Disclosure Vulnerability (2567943)
Microsoft Lync Server Information Disclosure Vulnerability (2969258)
Microsoft .NET Framework Denial of Service Vulnerability (2990931)
Microsoft Windows Media Center Remote Code Execution Vulnerability (2978742)

Outlook Web Access for Exchange Server Elevation of Privilege (953747)

Take action and discover your vulnerabilities