[Am-info] Malicious HTML e-mail can access OWA files
Fred A. Miller
fm@cupserv.org
Thu, 13 Dec 2001 16:40:50 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Malicious HTML e-mail can access OWA files
Microsoft has released MS01-057 ("Malicious HTML e-mail can access
OWA files"). An e-mail containing malicious javascript could execute
script with full access to the user's Outlook Web Access functions.
This attack is otherwise known as cross-site scripting and, since
scripting is required to use OWA, cannot be prevented by turning
off scripting.
FAQ and patch:
http://www.microsoft.com/technet/security/bulletin/MS01-057.asp
Source: Microsoft
http://archives.neohapsis.com/archives/vendor/2001-q4/0054.html
- --
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8GSBiIhTtc6nTZIIRAoXEAKCXycul/UiDaqXe/tdzshJ2zuo32QCghP8P
A/A9/rnFR/xqoCdNfPvbyoA=
=E8m0
-----END PGP SIGNATURE-----