MS Exchange 5.5 Spoofing Flaw Fixed
Moderately critical vulnerability puts users at risk of cross-site scripting and spoofing attacks.
A security vulnerability in Microsoft's
Server 5.5 Outlook Web Access could put users at risk of cross-site
scripting and spoofing attacks, the software giant warned on Tuesday.
The Exchange Server 5.5 flaw, which was reported by research firm Sanctum, resolves a software flaw that could allow an attacker to convince a user to run a malicious script.
"An attacker who successfully exploited the vulnerability could manipulate Web browser caches and intermediate proxy server caches, and put spoofed content in those caches," Microsoft said. They may also be able to exploit the vulnerability to perform cross-site scripting attacks."
The bug only affects Microsoft Exchange Server 5.5 SP4 and the Outlook Web Access component.