Vulnerability Bulletins |
Ejecución de código script arbitrario en Microsoft Exchange Outlook Web Access |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Aumento de la visibilidad |
| Dificulty | Experto |
| Required attacker level | Acceso remoto con cuenta |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft Exchange 2000 Server Pack 3 Microsoft Exchange Server 2003 Service Pack 1 Microsoft Exchange Server 2003 Service Pack 2 |
Description |
|
|
Se ha descubierto una vulnerabilidad en Microsoft Exchange Server 2000 y 2003. La vulnerabilidad reside en un error cuando Outlook Web Access (OWA) maneja ciertos emails. Un atacante remoto podría ejecutar código script arbitrario mediante un email especialmente diseñado que el usuario víctima tendría que abrir. |
|
Solution |
|
|
Actualización de software Microsoft Microsoft Exchange 2000 Server Pack 3 y August 2004 Exchange 2000 Server Post-Service Pack 3 Update Rollup http://www.microsoft.com/downloads/details.aspx?FamilyId=746CE64E-3186-422B-A13B-004E7942189B Microsoft Exchange Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=0E192781-847F-41C1-B32A-84218DB60942 Microsoft Exchange Server 2003 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=C777BC9F-52B7-4F17-96C7-DAF3B9987D70 |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2006-1193 |
| BID | 18381 |
Other resources |
|
|
Microsoft Security Bulletin (MS06-029) http://www.microsoft.com/technet/security/Bulletin/MS06-029.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2006-06-14 |