CVE-2017-0110

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server (affected versions not specified)

Description The issue exists due to inadequate protection of the web page structure in Microsoft Exchange Server, specifically in Outlook Web Access (OWA). This allows a remote attacker to inject arbitrary web script or HTML via a crafted email or chat client, potentially leading to an elevation of privilege. For exploitation to occur, a user must click on a maliciously crafted link from an attacker.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.