{"vuid":"VU#300373","idnumber":"300373","name":"Microsoft Outlook Web Access vulnerable to cross-site scripting","keywords":["Microsoft","Outlook Web Access","OWA","Exchange Server","cross-site scripting","CSS","MS05-029"],"overview":"Microsoft Outlook Web Access may be vulnerable to cross-site scripting attacks.","clean_desc":"Microsoft Outlook Web Access (OWA) allows users to access their email accounts on a Microsoft Exchange server from another host through a web browser. Microsoft Outlook Web Access for Exchange Server 5.5 contains a flaw in the HTML encoding routines used in the Compose New Message form that may allow an attacker to send a specially-crafted message to a user which then in turn runs a malicious script in the security context of the user reading the mail message.","impact":"A remote unauthenticated attacker may be able to execute arbitrary script code in the security context of the user reading the mail.","resolution":"Apply An Update Please see Microsoft Security Bulletin MS05-029 for more information, such as workarounds and patches.","workarounds":"Utilize Workarounds Microsoft Security Bulletin MS05-029 recommends a number of workarounds, including: Uninstall Outlook Web Access Disable Outlook Web Access for each Exchange site Modify the Read.asp file to not encode HTML mail with the appropriate HTML markup","sysaffected":"","thanks":"Thanks to Microsoft for information on this issue, who in turn thank \nGaël Delalleau\n working with\n iDEFENSE for reporting this vulnerability.","author":"This document was written by Ken MacInnis.","public":["http://www.microsoft.com/technet/security/bulletin/MS05-029.mspx","http://www.microsoft.com/exchange/en/55/help/default.asp?url=/exchange/en/55/help/documents/server/xog18001.htm?id=685"],"cveids":["CVE-2005-0563"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-06-14T17:44:05Z","publicdate":"2005-06-14T00:00:00Z","datefirstpublished":"2005-06-14T20:00:41Z","dateupdated":"2005-06-15T02:29:03Z","revision":8,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"11","cam_population":"15","cam_impact":"8","cam_easeofexploitation":"10","cam_attackeraccessrequired":"20","cam_scorecurrent":"11.7","cam_scorecurrentwidelyknown":"13.95","cam_scorecurrentwidelyknownexploited":"22.95","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":11.7,"vulnote":null}