Microsoft Outlook Web Access Remote Script Injection Vulnerability

Bugtraq ID:	23806
Class:	Input Validation Error
CVE:	CVE-2007-0220
Remote:	Yes
Local:	No
Published:	May 08 2007 12:00AM
Updated:	May 17 2007 09:58PM
Credit:	Martijn Brinkers of Izecom is credited with the discovery of this vulnerability.
Vulnerable:	Microsoft Outlook Web Access for Exchange Server 2003 + Microsoft Exchange Server 2003 SP1 + Microsoft Exchange Server 2003 Microsoft Outlook Web Access for Exchange 2000 Server + Microsoft Exchange Server 2000 SP3 + Microsoft Exchange Server 2000 SP2 + Microsoft Exchange Server 2000 SP1 + Microsoft Exchange Server 2000 Microsoft Exchange Server 2003 SP2 Microsoft Exchange Server 2003 SP1 Microsoft Exchange Server 2003 Microsoft Exchange Server 2000 SP3 Microsoft Exchange Server 2000 SP2 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server Microsoft Exchange Server 2000 SP1 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server Microsoft Exchange Server 2000 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server Avaya Messaging Application Server MM 3.1 Avaya Messaging Application Server MM 3.0 Avaya Messaging Application Server MM 2.0 Avaya Messaging Application Server 0

Not Vulnerable: