Summary
This host is missing critical security update according to Microsoft Bulletin MS08-039.
Impact
Successful execution of exploit leads to arbitrary HTML and acript code execution in a user's browser session in the context of affected system.
Impact Level : SYSTEM
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/bulletin/ms08-039.mspx
Insight
The flaws are due to insufficient validation of certain e-mail fields and HTML in e-mail messages.
Affected
Microsoft Exchange Server (2003 and 2007) on Windows (2K and 2003).
References
Severity
Classification
-
CVE CVE-2008-2247, CVE-2008-2248 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Microsoft SharePoint Multiple Privilege Elevation Vulnerabilities (2695502)
- Microsoft .NET Framework Chart Control Information Disclosure Vulnerability (2567943)
- Microsoft Lync Server Information Disclosure Vulnerability (2969258)
- Microsoft .NET Framework Denial of Service Vulnerability (2990931)
- Microsoft Windows Media Center Remote Code Execution Vulnerability (2978742)