Hiya
Specially Formed Script in HTML Mail can Execute in Exchange 5.5 OWA
Outlook Web Access (OWA) is a service of Exchange 5.5 Server that
allows users to access and manipulate messages in their Exchange
mailbox by using a web browser.
A flaw exists in the way OWA handles inline script in messages in
conjunction with Internet Explorer (IE). If an HTML message that
contains specially formatted script is opened in OWA, the script
executes when the message is opened. Because OWA requires that
scripting be enabled in the zone where the OWA server is located,
a vulnerability results because this script could take any action
against the user's Exchange mailbox that the user himself was
capable of, including sending, moving, or deleting messages. An
attacker could maliciously exploit this flaw by sending a
specially crafted message to the user. If the user opened the
message in OWA, the script would then execute.
While it is possible for a script to send a message as the user,
it is impossible for the script to send a message to addresses in
the user's address book. Thus, the flaw cannot be exploited for
mass-mailing attacks. Also, mounting a successful attack requires
knowledge of the intended victim's choice of mail clients and
reading habits. If the maliciously crafted message were read in
any mail client other than a browser through OWA, the attack
would fail.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms01-057.asp
Regards
eddie
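
A defensive illustration of the issue in the bulletin quoted above, added here and not part of the original post or of Microsoft's fix: a Python check that flags script-capable markup in the HTML parts of a message before a webmail front end renders it. The bulletin does not describe the "specially formatted" script, so this does not model that specific case; `scan_message`, `ActiveContentFinder` and the sample message are hypothetical names and constructed data.

```python
import email
from email import policy
from html.parser import HTMLParser

# Markup that runs or embeds active content when a browser renders it.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "applet"}
URL_ATTRS = {"href", "src", "action", "background"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:")


class ActiveContentFinder(HTMLParser):
    """Collects (kind, detail) findings for script-capable markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(("element", tag))
        for name, value in attrs:
            # Normalise the value: drop whitespace/control chars, lowercase.
            compact = "".join(ch for ch in (value or "") if ch > " ").lower()
            if name.startswith("on"):
                self.findings.append(("event-handler", name))
            elif name in URL_ATTRS and compact.startswith(SCRIPT_SCHEMES):
                self.findings.append(("script-url", name))
            elif name == "style" and "expression(" in compact:
                self.findings.append(("css-expression", name))


def scan_message(raw_bytes):
    """Return findings for every text/html part of an RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = ActiveContentFinder()
            finder.feed(part.get_content())
            finder.close()
            findings.extend(finder.findings)
    return findings


# Constructed sample message (not taken from the bulletin).
SAMPLE = (b"From: a@example.com\r\nTo: b@example.com\r\nSubject: test\r\n"
          b"MIME-Version: 1.0\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
          b"<p onmouseover=\"x()\">hi</p><script>x()</script>"
          b"<a href=\"javascript:x()\">link</a>\r\n")
```

A message with any findings can be shown as plain text or quarantined instead of being rendered as HTML in the browser session that holds the user's mailbox credentials.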