Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1193

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2006-1193
Last Modified 07 Mar 2011 09:32:21
Published 13 Jun 2006 03:06:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-1193

Summary

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."

Vulnerable Systems

Application

  • Microsoft Exchange Server 2000


References

CERT - TA06-164A

CERT-VN - VU#138188

BID - 18381

MS - MS06-029

SECTRACK - 1016280

SECUNIA - 20634

VUPEN - ADV-2006-2326

MISC - http://www.sec-consult.com/fileadmin/Advisories/20060613-0_owa_xss_noexploit.txt

OSVDB - 26441

XF - exchange-owa-xss(25550)

FULLDISC - 20060614 SEC Consult SA-20060613-0 :: Outlook Web Access Cross Site Scripting Vulnerability


Last Updated: 27 May 2016 10:41:58