Home / bulletins

MS08-039 – Important: Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747) - Version:1.2

Posted on 17 July 2008

There is an newer version: MS08-039 - Version: 1.2

Severity Rating: Important - Revision Note: V1.2 (July 16, 2008): Added Microsoft Exchange Server 2000 Service Pack 3 as non-affected software. Also provided links to additional information on Outlook Web Access Light and Outlook Web Access Premium in the Mitigating Factors sections. Finally, updated the applicable software under the “Windows Server Update Services” heading in the section, Detection and Deployment Tools and Guidance.Summary: This security update resolves two privately reported vulnerabilities in Outlook Web Access (OWA) for Microsoft Exchange Server. An attacker who successfully exploited these vulnerabilities could gain access to an individual OWA client’s session data, allowing elevation of privilege. The attacker could then perform any action the user could perform from within the individual client’s OWA session.

Link

Other versions

 

TOP