6.8

CVE-2007-0220

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftExchange Server Version2000 Updatesp3
MicrosoftExchange Server Version2003 Updatesp1
MicrosoftExchange Server Version2003 Updatesp2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 33.15% 0.981
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.securityfocus.com/archive/1/468871/100/200/threaded
Third Party Advisory
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA07-128A.html
Third Party Advisory
US Government Resource
http://secunia.com/advisories/25183
Third Party Advisory
http://www.securitytracker.com/id?1018015
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2007/1711
Permissions Required
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-026
Patch
http://www.kb.cert.org/vuls/id/124113
Third Party Advisory
US Government Resource
http://www.osvdb.org/34389
Broken Link
http://www.securityfocus.com/bid/23806
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/33887
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1371
Third Party Advisory