• info
• discussion
• exploit
• solution
• references

Microsoft OWA Server Embedded Script Execution Vulnerability

Solution:
Microsoft has released a fix:


Microsoft Exchange Server 5.5 SP1

• Microsoft Q313576
  Microsoft Bulletin MS01-057 notes that "for this patch to function properly, the Outlook Web Access (OWA) server on which the patch is installed must have Internet Explorer (IE) 5.0 or greater installed. If the patch is installed on a system with a version of IE older than 5.0, unexpected consequenc
  http://download.microsoft.com/download/exch55/Patch/05.05.77.2655/NT45 /EN-US/Q313576engi386.EXE

Microsoft Exchange Server 5.5 SP3

• Microsoft Q313576
  Microsoft Bulletin MS01-057 notes that "for this patch to function properly, the Outlook Web Access (OWA) server on which the patch is installed must have Internet Explorer (IE) 5.0 or greater installed. If the patch is installed on a system with a version of IE older than 5.0, unexpected consequenc
  http://download.microsoft.com/download/exch55/Patch/05.05.77.2655/NT45 /EN-US/Q313576engi386.EXE

Microsoft Exchange Server 5.5 SP4

• Microsoft Q313576
  Microsoft Bulletin MS01-057 notes that "for this patch to function properly, the Outlook Web Access (OWA) server on which the patch is installed must have Internet Explorer (IE) 5.0 or greater installed. If the patch is installed on a system with a version of IE older than 5.0, unexpected consequenc
  http://download.microsoft.com/download/exch55/Patch/05.05.77.2655/NT45 /EN-US/Q313576engi386.EXE

Microsoft Exchange Server 5.5 SP2

• Microsoft Q313576
  Microsoft Bulletin MS01-057 notes that "for this patch to function properly, the Outlook Web Access (OWA) server on which the patch is installed must have Internet Explorer (IE) 5.0 or greater installed. If the patch is installed on a system with a version of IE older than 5.0, unexpected consequenc
  http://download.microsoft.com/download/exch55/Patch/05.05.77.2655/NT45 /EN-US/Q313576engi386.EXE

Microsoft Exchange Server 5.5

• Microsoft Q313576
  Microsoft Bulletin MS01-057 notes that "for this patch to function properly, the Outlook Web Access (OWA) server on which the patch is installed must have Internet Explorer (IE) 5.0 or greater installed. If the patch is installed on a system with a version of IE older than 5.0, unexpected consequenc
  http://download.microsoft.com/download/exch55/Patch/05.05.77.2655/NT45 /EN-US/Q313576engi386.EXE