Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: MS06-029: Script injection through Exchange/OWA - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS06-029: Script injection through Exchange/OWA
MS06-029 - KB 912442

Affected Software:
  • Microsoft Exchange 2000 Server Pack 3 with the August 2004 Exchange 2000 Server Post-Service Pack 3 Update Rollup
  • Microsoft Exchange Server 2003 Service Pack 1
  • Microsoft Exchange Server 2003 Service Pack 2
Impact:  Remote Code Execution
Severity:  Important
Description:  Microsoft Exchange servers running Outlook Web Access (OWA) to allow clients to remotely check emails are placing their clients at risk to a script injection vulnerability.  A specially crafted email sent to the user and opened with OWA would allow the script to run.  According to Microsoft "A script injection vulnerability exists that could allow an attacker to run a malicious script. If this malicious script is run, it would run in the security context of the user on the client."  If you are running Microsoft Exchange OWA service, it is very important that you patch ASAP. 

If  you have been tracking the issue with Yahoo web mail, this should sound very familiar.
The vulnerability is covered in CVE-2006-1193.

Lorna Hutcheson

760 Posts
Jun 13th 2006

Sign Up for Free or Log In to start participating in the conversation!