CVE-2007-0220 Information

Description

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3 and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts spoof content or obtain sensitive information via certain UTF-encoded script-based e-mail attachments involving an \incorrectly handled UTF character set label.

Reference

http://secunia.com/advisories/25183 http://www.kb.cert.org/vuls/id/124113 http://www.osvdb.org/34389 http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securityfocus.com/bid/23806 http://www.securitytracker.com/id?1018015 http://www.us-cert.gov/cas/techalerts/TA07-128A.html http://www.vupen.com/english/advisories/2007/1711 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-026 https://exchange.xforce.ibmcloud.com/vulnerabilities/33887 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1371