6.4 Medium
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.559 Medium
EPSS
Percentile
97.6%
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an “incorrectly handled UTF character set label”.
CPE | Name | Operator | Version |
---|---|---|---|
exchange_server | eq | 2000 sp3 | |
exchange_server | eq | 2003 sp1 | |
exchange_server | eq | 2003 sp2 |
secunia.com/advisories/25183
www.kb.cert.org/vuls/id/124113
www.osvdb.org/34389
www.securityfocus.com/archive/1/468871/100/200/threaded
www.securityfocus.com/bid/23806
www.securitytracker.com/id?1018015
www.us-cert.gov/cas/techalerts/TA07-128A.html
www.vupen.com/english/advisories/2007/1711
docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-026
exchange.xforce.ibmcloud.com/vulnerabilities/33887
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1371