{"vuid":"VU#138188","idnumber":"138188","name":"Microsoft Outlook Web Access for Exchange Server script injection vulnerability","keywords":["Microsoft","Exchange Server","remote code execution","Outlook Web Access","MS06-029"],"overview":"A script injection vulnerability exists in Microsoft Exchange Server running Outlook Web Access.","clean_desc":"Microsoft Outlook Web Access (OWA) is a service of Exchange Server. OWA allows authorized users to read and send email, manage their calendar, and perform other functions on an Exchange server via the Web. Outlook Web Access fails to correctly filter script contained in an email message under certain circumstances. This results in a vulnerability that could allow an attacker to supply script that would be executed by a user using OWA to read email.","impact":"A remote attacker with the ability to supply an email message containing specially crafted script may be able to execute the script in the security context of the victim user on the client system. Microsoft states that user interaction is required to exploit this vulnerability.","resolution":"Apply a patch Microsoft has published patches for this issue in Microsoft Security Bulletin MS06-029.","workarounds":"Workarounds In addition to the patches, Microsoft has also published a number of workarounds for this issue in  Microsoft Security Bulletin MS06-029. Users, particularly those who are unable to apply the patch, are encouraged to implement these workarounds.","sysaffected":"","thanks":"Thanks to Microsoft for reporting this vulnerability. Microsoft, in turn, credits \nDaniel Fabian of \nSEC Consult\n with reporting this issue to them.","author":"This document was written by Chad R Dougherty.","public":["h","t","t","p",":","/","/","w","w","w",".","m","i","c","r","o","s","o","f","t",".","c","o","m","/","t","e","c","h","n","e","t","/","s","e","c","u","r","i","t","y","/","b","u","l","l","e","t","i","n","/","m","s","0","6","-","0","2","9",".","m","s","p","x"],"cveids":["CVE-2006-1193"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-06-13T18:02:33Z","publicdate":"2006-06-13T00:00:00Z","datefirstpublished":"2006-06-13T20:41:12Z","dateupdated":"2006-06-13T20:42:39Z","revision":10,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"9","cam_impact":"15","cam_easeofexploitation":"12","cam_attackeraccessrequired":"20","cam_scorecurrent":"15.1875","cam_scorecurrentwidelyknown":"18.225","cam_scorecurrentwidelyknownexploited":"30.375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":15.1875,"vulnote":null}