NASLDB: MS06-029: Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)
General
ID: 21695
Name: MS06-029: Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)
Summary: Checks for ms06-029 via the registry
Credits: Tenable Network Security
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N
CVSS Temporal Vector: CVSS2#E:F/RL:OF/RC:C
Port: 139
Family: Windows : Microsoft Bulletins
Type: Local
Description
The remote host is running a version of Outlook Web Access that contains
cross-site scripting flaws.
This vulnerability could allow an attacker to convince a user
to run a malicious script. If this malicious script is run, it would execute
in the security context of the user.
Attempts to exploit this vulnerability require user interaction.
This vulnerability could allow an attacker access to any data on the
Outlook Web Access server that was accessible to the individual user.
It may also be possible to exploit the vulnerability to manipulate Web browser caches
and intermediate proxy server caches, and put spoofed content in those caches.
Exploiting
Exploit Available: True
Exploitability Ease: Exploits are available
Sources
CVE: CVE-2006-1193
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2006/06/14
Patch Release: –
Plugin Release: 2006/06/13
Plugin
Version: 1.23
Filename: smb_nt_ms06-029.nasl
Filesize: 4942 bytes
MD5 Hash: 3e41fcdcc2645d1086867d2059e8d268
Identification: Host/patch_management_checks
Require Keys: SMB/MS_Bulletin_Checks/Possible
Dependencies: "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"
Copyright: This script is Copyright © 2006-2012 Tenable Network Security, Inc.