[l-engepuc] Problemas no Outlook Web Access.

  • From: <fabior@xxxxxxx>
  • To: <l-shutdown@xxxxxxxxxxxxxxx>
  • Date: Fri, 7 Dec 2001 19:33:45 -0200

Security Alert, December 7, 2001 


* OUTLOOK WEB ACCESS SCRIPT EXECUTION VULNERABILITY IN MICROSOFT 
EXCHANGE SERVER 5.5
   Whitehat Security reported that a vulnerability exists in the 
Microsoft Exchange Server 5.5 Outlook Web Access (OWA) service that 
lets an attacker take any action on the user's mailbox that the user 
can take, including deleting, moving, and sending messages. The 
vulnerability results from a problem in the way that OWA handles inline 
script messages used in conjunction with Internet Explorer (IE). If the 
attacker uses OWA to open an HTML message containing a specially formed 
script, the script executes under the user's security context. 
Microsoft has released Security Bulletin MS01-057 to address this 
vulnerability and recommends that affected users apply the patch 
provided at this URL.
   http://www.secadministrator.com/articles/index.cfm?articleid=23433

[]s

Fabio Rodrigues
fabior@xxxxxxx

*******************************************************************
Subscribe List:
mailto:l-engepuc-request@xxxxxxxxxxxxx?subject=subscribe
Unsubscribe List:
mailto:l-engepuc-request@xxxxxxxxxxxxx?subject=unsubscribe
Archives:
http://www.mail-archive.com/l-engepuc@xxxxxxxxxxxxx/

Other related posts:

  • » [l-engepuc] Problemas no Outlook Web Access.