Microsoft Outlook Web Access is vulnerable to an HTML code injection/cross site scripting attack. A malicous user could craft a mail containing HTML and Javascript code. Such code could be used to steal session information from the victims cookies, and thus enable the attacker to get access to the victim's emails.
dccfbc946917b8c4d45a7217924d48a440d871a4d69d0cbdf997231cd6903b20Hello,
Just in case anybody is interested in the vulnerability details of the
recently discovered Cross Site Scripting flaw in Outlook Web Access, we have
now put the according advisory with these details on our web page:
http://www.sec-consult.com/270.html
Regards,
Daniel
--
__________________________________________
SEC Consult Unternehmensberatung GmbH
www.sec-consult.com
A-1080 Vienna, Blindengasse 3
phone +43 1 8903043
fax +43 1 8903043 15
Advisor for your information security.
__________________________________________
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed