CVE-2007-0220

Microsoft Exchange Server - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".

References (11)

[Third Party Advisory] http://secunia.com/advisories/25183

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/124113

[Broken Link] http://www.osvdb.org/34389

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/468871/100/200/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/23806

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1018015

[Third Party Advisory, US Government Resource] http://www.us-cert.gov/cas/techalerts/TA07-128A.html

[Permissions Required] http://www.vupen.com/english/advisories/2007/1711

[Patch] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-026

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/33887

[Third Party Advisory] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1371

Scores

EPSS 0.4367

EPSS Percentile 97.5%

Classification

CWE

CWE-79

Status draft

Affected Products (3)

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

Timeline

Published May 08, 2007

Tracked Since Feb 18, 2026