CVE-2006-1193

Microsoft Exchange Server 2000 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1193. PoCs published by Daniel Fabian.

AI-analyzed exploit summary This Perl script exploits CVE-2006-1193, a script-injection vulnerability in Microsoft Exchange Server Outlook Web Access. It sends a malicious email with a crafted HTML payload containing an XSS attack via an image tag with an onError event handler.

Description

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Daniel Fabian · perlremotewindows

https://www.exploit-db.com/exploits/28005

View Code ZIP pw:eip

This Perl script exploits CVE-2006-1193, a script-injection vulnerability in Microsoft Exchange Server Outlook Web Access. It sends a malicious email with a crafted HTML payload containing an XSS attack via an image tag with an onError event handler.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Exchange Server Outlook Web Access

No auth needed

Prerequisites: Access to an SMTP server · Valid email addresses for sender and recipient

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (14)

Core 14

Core References

Patch, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1016280

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046892.html

Broken Link vdb-entry x_refsource_osvdb

http://www.osvdb.org/26441

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/25550

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA06-164A.html

Patch, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/18381

Permissions Required vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/2326

Third Party Advisory vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1161

Third Party Advisory vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1070

Third Party Advisory x_refsource_misc

http://www.sec-consult.com/fileadmin/Advisories/20060613-0_owa_xss_noexploit.txt

Patch, Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-029

Third Party Advisory vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1315

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/138188

Patch, Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20634

Scores

EPSS 0.3917

EPSS Percentile 98.4%

Details

CWE

CWE-79

Status published

Products (1)

microsoft/exchange_server 2000 sp1 (3 CPE variants)

Published Jun 13, 2006

Tracked Since Feb 18, 2026