Microsoft Outlook Web Access Remote Script Injection Vulnerability

Bugtraq ID: 23806
Class: Input Validation Error
CVE: CVE-2007-0220
Remote: Yes
Local: No
Published: May 08 2007 12:00AM
Updated: May 17 2007 09:58PM
Credit: Martijn Brinkers of Izecom is credited with the discovery of this vulnerability.
Vulnerable: Microsoft Outlook Web Access for Exchange Server 2003
+ Microsoft Exchange Server 2003 SP1
+ Microsoft Exchange Server 2003
Microsoft Outlook Web Access for Exchange 2000 Server
+ Microsoft Exchange Server 2000 SP3
+ Microsoft Exchange Server 2000 SP2
+ Microsoft Exchange Server 2000 SP1
+ Microsoft Exchange Server 2000
Microsoft Exchange Server 2003 SP2
Microsoft Exchange Server 2003 SP1
Microsoft Exchange Server 2003
Microsoft Exchange Server 2000 SP3
Microsoft Exchange Server 2000 SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
Microsoft Exchange Server 2000 SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
Microsoft Exchange Server 2000
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
Avaya Messaging Application Server MM 3.1
Avaya Messaging Application Server MM 3.0
Avaya Messaging Application Server MM 2.0
Avaya Messaging Application Server 0
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus