Microsoft Outlook Web Access Cross-Site Scripting (Technical Details, MS05-029)
15 Jun. 2005
Summary
Microsoft Outlook Web Access is "an optional component included in Microsoft Exchange that allows users to access their mailboxes using a web frontend".
The Outlook Web Access module of Microsoft Exchange has been found to be vulnerable to a cross site scripting.
Remote exploitation of a Cross-Site Scripting vulnerability in the Outlook Web Access (OWA) component within version 5.5 of Microsoft's Exchange Server allows an attacker to force to inject arbitrary script code into a users session, possibly stealing logon credentials.
To demonstrate the vulnerability, simply embed the following encoded text into an HTML e-mail:
< IMG SRC="javAsc
ript:alert('XSS')">
This will have the affect of popping up an alert window when the targeted user views the mail using Outlook Web Access. This proof of concept could easily be altered to cause the script to return authentication credentials to an attacker controlled server.
Successful exploitation of this vulnerability would allow an attacker to inject arbitrary script code into the Web Access session. This could allow for the theft of authentication information, which could lead to a compromised mail account. In order for exploitation to occur, the targeted user would only have to view an e-mail from an attacker. As it is trivial to spoof the source of e-mail, this vulnerability has a high potential for widespread exploitation.
