Microsoft Outlook Web Access远程脚本注入漏洞（MS07-026）

Outlook Web Access是Microsoft Exchange中用于通过Web浏览器读取和发送邮件的工具。 Outlook Web Access在处理特定的数据编码时存在漏洞，远程攻击者可能利用此漏洞控制用户机器。 Outlook Web Access没有正确地处理某些UTF字符集标签，因此可能未经正确地过滤便显示了基于脚本的附件。如果攻击者发送了带有特制UTF编码邮件附件的话，就可能导致在用户浏览器环境中执行任意代码或读取敏感信息。 Microsoft Exchange Server 2003 SP2 Microsoft Exchange Server 2003 SP1...

Cross site scripting

Cross-site scripting XSS vulnerability in Outlook Web Access OWA in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an...

Microsoft Exchange Outlook Web Access UTF character set label script injection vulnerability

Overview Microsoft Exchange Outlook Web Access OWA fails to properly handle the UTF character set label, which can allow a remote, unauthenticated attacker to execute script within the security context of the OWA user. Description OWA allows users to access their email accounts on a Microsoft...