PT-2008-3743 · Microsoft · Outlook Web Access+1

Michael Jordan · Published 2008-07-08 · Updated 2020-04-09 · CVE-2008-2248

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Outlook Web Access (OWA) for Exchange Server 2003 SP2
Description: The issue is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML. Exploitation could lead to elevation of privilege on individual OWA clients, enabling actions such as reading, sending, and deleting email as the logged-on user. This can be achieved by convincing a user to open a specially crafted email that runs malicious script within an individual OWA client.
Recommendations: For Outlook Web Access (OWA) for Exchange Server 2003 SP2, consider restricting access to potentially vulnerable HTML elements until a patch is available. As a temporary workaround, avoid using OWA to open suspicious or unsolicited emails.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2008-2248

Affected Products

Exchange Server
Outlook Web Access