• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Outlook Web Access Remote Script Injection Vulnerability

Microsoft Outlook Web Access is prone to a script-injection vulnerability because the application fails to properly handle specially crafted email attachments.

To exploit this issue, attackers must send specially crafted files through email messages to users of the affected application. When users open the file, attacker-supplied script code will be executed in the context of the affected website.

Successful exploits allow attackers to access Outlook Web Access sessions with the privileges of the targeted user. As a result, attackers may be able to obtain sensitive information and send, modify, or delete email; other attacks are also possible.