(MS08-039) Microsoft Outlook Web Access for Exchange Server Parsing Cross-Site Scripting Vulnerability (953747)
- Type: Logic error
- Impact of exploitation: Privilege Escalation
- User Interaction: user interaction is needed
- Attack Vector: E-mail with malicious content
- Rating: Medium
- CVE reference: CVE-2008-2248
- Vendor Status: Responded and patched
- Vulnerable systems: Exchange 2003 SP2, Exchange 2007 SP1
- Summary: A vulnerability is present in Microsoft OWA that may allow for a privilege escalation. Exploitation could occur when processing a maliciously crafted e-mail through OWA.
Description
Microsoft Outlook Web Access (OWA) provides Web-based e-mail exchange functionality. A vulnerability is present in Microsoft OWA that may allow for privilege escalation. The cross-site scripting flaw lies in the processing of specially crafted e-mails through OWA. Successful exploitation would allow privileges to be escalated to those of the victim.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft (953747): http://www.microsoft.com/technet/security/Bulletin/MS08-039.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature: (MS08-039) Microsoft Outlook Web Access for Exchange Server Parsing Cross-Site Scripting Vulnerability (953747)
- Signature identifier: 5990
- Release date: 7/8/2008
Additional Resources
Microsoft Security Bulletin: Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)
http://www.microsoft.com/technet/security/Bulletin/MS08-039.mspx
Timeline
- 7/8/2008: Vendor has provided a patch.