CVE-2007-0220

Sažetak

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".

Reference

http://secunia.com/advisories/25183
http://www.kb.cert.org/vuls/id/124113
http://www.osvdb.org/34389
http://www.securityfocus.com/archive/1/468871/100/200/threaded
http://www.securityfocus.com/bid/23806
http://www.securitytracker.com/id?1018015
http://www.us-cert.gov/cas/techalerts/TA07-128A.html
http://www.vupen.com/english/advisories/2007/1711
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-026
https://exchange.xforce.ibmcloud.com/vulnerabilities/33887
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1371

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

09-04-2020 - 13:30

Objavljeno

08-05-2007 - 23:19