CVE-2006-1193

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server 2000 versions SP1 through SP3

Description The issue is related to a cross-site scripting (XSS) vulnerability when running Outlook Web Access (OWA). It allows remote attackers to inject arbitrary HTML or web script via unknown vectors related to HTML parsing. An attacker could exploit this by constructing an e-mail message with a specially crafted script, which would execute in the security context of the user on the client if run. This requires user interaction.

Recommendations For Microsoft Exchange Server 2000 versions SP1 through SP3, consider disabling Outlook Web Access (OWA) until a patch is available to prevent exploitation of the script injection vulnerability. Restrict access to HTML parsing components to minimize the risk of arbitrary HTML or web script injection. Avoid using OWA for sensitive operations until the issue is resolved.