Microsoft Exchange Server OWA could allow remote execution of code

exchange-owa-execute-code (16583) The risk level is classified as HighHigh Risk

Description:

Microsoft Exchange Server could allow a remote attacker to execute arbitrary code. OWA fails to properly validate input sent to an HTML redirection query before the input is sent to the browser. A remote attacker, who is authenticated, or who can log into OWA, can cause an arbitrary script to run with privileges of the victim. An attacker could also exploit this vulnerability to replace the Web browser cache and intermediate proxy cache with spoofed content, and possibly perform cross-site scripting attacks.


Consequences:

Gain Access

Remedy:

Apply the appropriate patch for your system, as listed in the Microsoft Security Bulletin MS04-026 . See References.

References:

  • BugTraq Mailing List, Wed Aug 11 2004 - 02:02:06 CDT: HTTP Response Splitting vulnerability in Microsoft Outlook Web Access for Exchange 5.5.
  • CIAC Information Bulletin 0-197: Microsoft Exchange Server 5.5 Outlook Web Access Vulnerability.
  • Microsoft Security Bulletin MS04-026: Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting and Spoofing Attacks (842436).
  • BID-10902: Microsoft Exchange Outlook Web Access HTTP Response Splitting Vulnerability
  • CVE-2004-0203: Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.
  • US-CERT VU#948750: Microsoft Outlook Web Access contains vulnerability in HTML redirection query

Platforms Affected:

  • Microsoft Exchange Server 5.5 SP4

Reported:

Aug 10, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page