=====================================================================
                                  CERT-Renater

                       Information Note No. 2005/VULN376
_____________________________________________________________________

DATE                      : 15/06/2005

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Exchange Server 5.5.

======================================================================

http://www.microsoft.com/technet/security/Bulletin/MS05-029.mspx

MS05-029 - Vulnerability in Outlook Web Access for Exchange Server 5.5
            Could Allow Cross-Site Scripting Attacks (895179)

   - Affected Software:
     - Exchange Server 5.5 Service Pack 4

     - Impact: Remote Code Execution
     - Version Number: 1.0


- From the Microsoft Security Bulletin MS05-029:

Vulnerability Details

Exchange Server Outlook Web Access Vulnerability - CAN-2005-0563:

This is a cross-site scripting vulnerability. The cross-site scripting
vulnerability could allow an attacker to convince a user to run a malicious
script. If this malicious script is run, it would execute in the security
context of the user. Attempts to exploit this vulnerability require user
interaction. This vulnerability could allow an attacker access to any data
on the Outlook Web Access server that was accessible to the individual user.

======================================================================

         =========================================================
         CERT-Renater reference servers
         http://www.urec.fr/securite
         http://www.cru.fr/securite
         http://www.renater.fr
         =========================================================
         + CERT-RENATER          | tel : 01-53-94-20-44          +
         + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
         + 75013 Paris           | email: certsvp@renater.fr     +
         =========================================================


