From: Russ (Russ.CooperRC.ON.CA)
Date: Fri Oct 24 2003 - 08:07:39 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Reason for Revision:
V2.0 October 22, 2003: Updated to include details of an additional patch
for languages available through the Outlook Web Access language pack.

Microsoft Security Bulletin MS03-047:
Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow
Cross-Site Scripting Attack (828489)

Bulletin URL:
http://www.microsoft.com/technet/security/bulletin/MS03-047.asp

Summary:
  Version Number: V2.0
  Revision Date: 10-22-2003
  Impact of Vulnerability: Remote Code Execution
  Maximum Severity Rating: Moderate
  Patch(es) Replaced: This patch replaces Microsoft Security Bulletin
MS01-057.
  Caveats: Customers who have customized any of the ASP pages in the
File Information section in this document should backup those files
before applying this patch as they will be overwritten when the patch is
applied. Any customizations would then need to be reapplied to the new
ASP pages.
  CVE Number(s): CAN-2003-0712

Tested Software:
  Affected Software:
  * Microsoft Exchange Server 5.5, Service Pack 4
<http://www.ntbugtraq.com/link/C516FE75-95CE-4FFF-B83D-9B170FCD0C1C.asp>

  Software Not Affected:
  * Microsoft Exchange 2000 Server <LI>Microsoft Exchange Server 2003

This email is sent to NTBugtraq automatically as a service to my
subscribers. (v2.0)

Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

----
NTBugtraq subscribers save $103.00 off the TICSA exam by using promo
code "NT1003" when registering to take the TICSA exam at www.2test.com.
Prove to your employer and peers that you have the knowledge and
abilities to be an active stakeholder in today's enterprise security.
Become TICSA certified www.trusecure.com/ticsa. Promotion expires
12/31/03 and cannot be used in combination with other offers.

----

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]