• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Exchange Server 5.5 Outlook Web Access Cross-Site Scripting Vulnerability

Solution:
Microsoft has released a patch (KB828489) to address this issue. It has been recommended that customers back up any customized ASP pages in the following list, as they will be overwritten when the patch is applied:

global.asa %EXSRVROOT%\WEBDATA
08/12/2003 12:15 NA 1,180 encode.inc %EXSRVROOT%\WEBDATA\%WEBDATALANG%

09/16/2003 11:49 6,835 root.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%

09/16/2003 11:49 2,473 read.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\ATTACH

09/16/2003 11:49 2,424 events.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\CALENDAR

09/16/2003 11:49 5,783 main_fr.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\CALENDAR

09/16/2003 11:49 4,336 fumsg.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FINDUSER

09/16/2003 11:49 12,928 amunres.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS

09/16/2003 11:49 3,458 openitem.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS

09/16/2003 11:49 3,174 pickform.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS

09/16/2003 11:49 13,271 contdet.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\CONTACT

09/16/2003 11:50 7,952 frmroot.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\CONTACT

09/16/2003 11:50 5,388 postatt.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\CONTACT

09/16/2003 11:49 11,230 postMsg.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\CONTACT

09/16/2003 11:50 5,189 postroot.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\CONTACT

09/16/2003 11:49 7,896 posttitl.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\CONTACT

09/16/2003 11:49 5,354 cmpatt.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\NOTE

09/16/2003 11:50 7,390 cmpmsg.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\NOTE

09/16/2003 11:49 3,133 cmpOpt.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\NOTE

09/16/2003 11:49 7,091 cmpTitle.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\NOTE

09/16/2003 11:49 8,501 frmroot.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\NOTE

09/16/2003 11:49 5,306 postatt.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\POST

09/16/2003 11:49 6,419 postMsg.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\POST

09/16/2003 11:49 6,485 postroot.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\POST

09/16/2003 11:49 5,238 posttitl.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\POST

09/16/2003 11:49 8,892 frmroot.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\SCHEDULE\MEETING\CANCELED

09/16/2003 11:49 30,942 frmRoot.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\SCHEDULE\MEETING\REQUEST

09/16/2003 11:49 21,055 mrAppt.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\SCHEDULE\MEETING\REQUEST

09/16/2003 11:49 5,785 mrAtt.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\SCHEDULE\MEETING\REQUEST

09/16/2003 11:49 2,931 mrOpt.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\SCHEDULE\MEETING\REQUEST

09/16/2003 11:49 12,675 mrPlaner.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\SCHEDULE\MEETING\REQUEST

09/16/2003 11:50 26,555 mrRecur.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\SCHEDULE\MEETING\REQUEST

09/16/2003 11:49 10,735 mrTitle.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\SCHEDULE\MEETING\REQUEST

09/16/2003 11:49 11,544 frmroot.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\SCHEDULE\MEETING\RESP

09/16/2003 11:49 5,323 rspatt.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\SCHEDULE\MEETING\RESP

09/16/2003 11:49 8,753 rspmsg.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\SCHEDULE\MEETING\RESP

09/16/2003 11:49 3,184 rspopt.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\SCHEDULE\MEETING\RESP

09/16/2003 11:49 7,776 rsptitle.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\FORMS\IPM\SCHEDULE\MEETING\RESP

09/16/2003 11:49 11,802 commands.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\INBOX

09/16/2003 11:49 11,166 main_fr.asp %EXSRVROOT%\WEBDATA\%WEBDATALANG%\INBOX

09/16/2003 11:49 8,185 root.asp %EXSRVROOT

Microsoft has released updated information concerning Microsoft Security Bulletin MS03-047. Microsoft has reported that the original patch did not cover certain languages. The security bulletin has been updated to provide information about a new patch, which is intended for customers having installed a language from the Language Packs for Outlook Web Access. It has also been reported that for this patch to function properly the Outlook Web Access (OWA) server on which the patch is installed must have Internet Explorer 5.01 or greater installed. If the patch is installed on a system with a version of IE less than 5.01, unexpected consequences may result.


Microsoft Exchange Server 5.5 SP1

• Microsoft KB828489
  http://www.microsoft.com/downloads/details.aspx?FamilyId=C516FE75-95CE -4FFF-B83D-9B170FCD0C1C&displaylang=en

Microsoft Exchange Server 5.5 SP3

• Microsoft KB828489
  http://www.microsoft.com/downloads/details.aspx?FamilyId=C516FE75-95CE -4FFF-B83D-9B170FCD0C1C&displaylang=en

Microsoft Exchange Server 5.5 SP4

• Microsoft KB828489
  http://www.microsoft.com/downloads/details.aspx?FamilyId=C516FE75-95CE -4FFF-B83D-9B170FCD0C1C&displaylang=en

Microsoft Exchange Server 5.5 SP2

• Microsoft KB828489
  http://www.microsoft.com/downloads/details.aspx?FamilyId=C516FE75-95CE -4FFF-B83D-9B170FCD0C1C&displaylang=en

Microsoft Exchange Server 5.5

• Microsoft KB828489
  http://www.microsoft.com/downloads/details.aspx?FamilyId=C516FE75-95CE -4FFF-B83D-9B170FCD0C1C&displaylang=en