Microsoft Exchange Server Outlook Web Access Script Injection (MS06-029; CVE-2006-1193)

Microsoft provides server and client side implementations of email protocols such as SMTP, POP3 and IMAP. The widely used Exchange Server product is an implementation of an email server capable of handling most standard Internet protocols as well as numerous proprietary Microsoft protocols and...

Microsoft Exchange Server OWA脚本注入漏洞（MS06-029）

Microsoft Exchange Server是一款流行的邮件服务器。 Exchange Server在处理邮件中的脚本存在漏洞，导致脚本代码在用户机器上非授权执行。 运行Outlook Web Access OWA的Exchange Server在某些情况下没有正确的过滤邮件中的 脚本，导致脚本注入漏洞。攻击者可以通过创建有特制脚本的邮件消息来利用这个漏洞。如果运行了特制脚本的话，就会在客户端以用户的安全环境执行。利用这个漏洞需要用户交互。 Microsoft Exchange Server 2003 SP2 Microsoft Exchange Server 2003 SP1...

MS06-029: Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)

The remote host is running a version of the Outlook Web Access that contains cross-site scripting flaws. This vulnerability could allow an attacker to convince a user to run a malicious script. If this malicious script is run, it would execute in the security context of the user. Attempts to...