Outlook Web Access For Exchange Server Elevation Of Privilege (953747) Network Vulnerability

Summary

This host is missing critical security update according to Microsoft Bulletin MS08-039.

Impact

Successful execution of exploit leads to arbitrary HTML and acript code execution in a user's browser session in the context of affected system. Impact Level : SYSTEM

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/bulletin/ms08-039.mspx

Insight

The flaws are due to insufficient validation of certain e-mail fields and HTML in e-mail messages.

Affected

Microsoft Exchange Server (2003 and 2007) on Windows (2K and 2003).

References

http://securitytracker.com/alerts/2008/Jul/1020439.html
http://www.microsoft.com/technet/security/bulletin/ms08-039.mspx
http://xforce.iss.net/xforce/xfdb/43328

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-2247, CVE-2008-2248
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Microsoft Graphics Component Information Disclosure Vulnerability (3029944)
Microsoft SharePoint Server Excel Services RCE Vulnerability (2904244)
Microsoft Silverlight Information Disclosure Vulnerability (2890788)
Microsoft .NET Framework Information Disclosure Vulnerability (2567951)
Microsoft .NET Framework Remote Code Execution Vulnerability (2538814)

Outlook Web Access for Exchange Server Elevation of Privilege (953747)

Take action and discover your vulnerabilities