CVE-2007-0220: XSS
First published: Tue May 08 2007(Updated: )
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Exchange Server | =2000-sp3 | |
| Microsoft Exchange Server | =2003-sp1 | |
| Microsoft Exchange Server | =2003-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/25183
- http://www.kb.cert.org/vuls/id/124113
- http://www.osvdb.org/34389
- http://www.securityfocus.com/archive/1/468871/100/200/threaded
- http://www.securityfocus.com/bid/23806
- http://www.securitytracker.com/id?1018015
- http://www.us-cert.gov/cas/techalerts/TA07-128A.html
- http://www.vupen.com/english/advisories/2007/1711
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-026
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33887
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1371
- agent/type
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/source
- vendor/microsoft
- canonical/microsoft exchange server
- version/microsoft exchange server/2000-sp3
- version/microsoft exchange server/2003-sp1
- version/microsoft exchange server/2003-sp2