=====================================================================
                            CERT-Renater

                  Information Note No. 2006/VULN329
_____________________________________________________________________

DATE                 : 14/06/2006

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Exchange 2000 Server,
                       Exchange Server 2003.

=====================================================================

MS06-029 - Vulnerability in Microsoft Exchange Server Running Outlook
Web Access Could Allow Script Injection (912442)

Affected Software:

 - Microsoft Exchange 2000 Server Pack 3 with the August 2004
   Exchange 2000 Server Post-Service Pack 3 Update Rollup
 - Microsoft Exchange Server 2003 Service Pack 1
 - Microsoft Exchange Server 2003 Service Pack 2

Full MS06-029 advisory:

   http://www.microsoft.com/technet/security/Bulletin/MS06-029.mspx

Vulnerability Details

Microsoft Exchange Server when running Outlook Web Access
Vulnerability - CVE-2006-1193

An attacker could try to exploit this vulnerability by sending a
specially crafted message to a user. The user would then have to open
the message by using Outlook Web Access. The message could then cause
the affected system to run script in the context of the user's
Outlook Web Access session.

=====================================================================

=========================================================
CERT-Renater reference servers

   http://www.urec.fr/securite
   http://www.cru.fr/securite
   http://www.renater.fr
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================