Outlook Web Access For Exchange Server Elevation Of Privilege (953747) Network Vulnerability

Summary

This host is missing critical security update according to Microsoft Bulletin MS08-039.

Impact

Successful execution of exploit leads to arbitrary HTML and acript code execution in a user's browser session in the context of affected system. Impact Level : SYSTEM

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/bulletin/ms08-039.mspx

Insight

The flaws are due to insufficient validation of certain e-mail fields and HTML in e-mail messages.

Affected

Microsoft Exchange Server (2003 and 2007) on Windows (2K and 2003).

References

http://securitytracker.com/alerts/2008/Jul/1020439.html
http://www.microsoft.com/technet/security/bulletin/ms08-039.mspx
http://xforce.iss.net/xforce/xfdb/43328

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-2247, CVE-2008-2248

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Microsoft Outlook Information Disclosure Vulnerability (2894514)
Microsoft Products HTML Sanitisation Component XSS Vulnerability (2741517)
Microsoft SQL Server Elevation of Privilege Vulnerability (2984340)
Microsoft Windows SAMR Protocol Security Bypass Vulnerability (2934418)
Flaw in SMB Signing Could Enable Group Policy to be Modified (329170)

Outlook Web Access for Exchange Server Elevation of Privilege (953747)

Take action and discover your vulnerabilities