Microsoft Outlook Web Access Vulnerability
(Microsoft Security Advisory 2401593, CVE-2010-3213)
Vulnerability
An elevation of privilege vulnerability has been reported in Microsoft Outlook Web Access. Successful exploitation could allow an attacker to hijack an authenticated user's OWA session and act as that user, which amounts to an elevation of privilege.
Details
Outlook Web Access (OWA) is the webmail service shipped with Microsoft Exchange Server 5.0 and later. Its web interface resembles that of the Microsoft Outlook client.
The vulnerability is a cross-site request forgery (CSRF) weakness in Outlook Web Access that, under certain circumstances, allows an authenticated OWA session to be hijacked by an attacker. A remote attacker exploits it by convincing a user who has an active OWA session to visit a malicious web page crafted specifically for the targeted Exchange domain; the victim's browser then sends the attacker's requests to OWA with the victim's session attached. The attacker never obtains the user's credentials, but can perform actions on behalf of the authenticated user in the security context of the active OWA session, such as reading e-mail messages, adding new inbox rules, or changing OWA user preferences.
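To make the failure mode above concrete, the following is an added illustration (not OWA code and not from the advisory) of a webmail "add inbox rule" handler that is authorised by the session cookie alone, beside a hardened version that also requires a per-session anti-CSRF token and an Origin/Referer check. The host name, session identifier, rule text and attacker URL are constructed for the example.

```python
"""Constructed model of a CSRF-vulnerable webmail action and a hardened form.
Illustration only; not Outlook Web Access code. The host name, session id,
rule payloads and attacker URL below are assumptions chosen for the example."""
import hmac
import secrets
from urllib.parse import urlparse

OWA_ORIGIN = "https://mail.example.com"  # assumed webmail front end


def new_session_store():
    """Constructed session store: cookie value -> per-user state."""
    return {"sess-abc123": {"user": "alice", "rules": [], "csrf": None}}


def add_rule_vulnerable(sessions, request):
    """State change authorised by the session cookie alone.
    A page on any origin can make the browser send this request with the
    victim's cookie attached, so the rule is added on the victim's behalf."""
    sess = sessions.get(request["cookies"].get("sessionid"))
    if sess is None:
        return 401
    sess["rules"].append(request["form"]["rule"])
    return 200


def issue_csrf_token(sessions, session_id):
    """Per-session secret that the legitimate page embeds in a hidden field.
    A cross-origin page cannot read it because of the same-origin policy."""
    token = secrets.token_hex(16)
    sessions[session_id]["csrf"] = token
    return token


def add_rule_hardened(sessions, request):
    """Same action, but the request must prove it came from our own page."""
    sess = sessions.get(request["cookies"].get("sessionid"))
    if sess is None:
        return 401
    # Check 1: Origin (or Referer as a fallback) must be the webmail origin.
    source = request["headers"].get("Origin") or request["headers"].get("Referer")
    if source is None:
        return 403
    src, exp = urlparse(source), urlparse(OWA_ORIGIN)
    if (src.scheme, src.netloc) != (exp.scheme, exp.netloc):
        return 403
    # Check 2: the form must carry this session's anti-CSRF token.
    token = request["form"].get("csrf", "")
    if not sess["csrf"] or not hmac.compare_digest(token, sess["csrf"]):
        return 403
    sess["rules"].append(request["form"]["rule"])
    return 200


def forged_request():
    """What the browser sends after loading the attacker's lure page: the
    victim's cookie is attached automatically, Referer points at the attacker,
    and there is no token because the attacker's page cannot read it."""
    return {
        "cookies": {"sessionid": "sess-abc123"},
        "headers": {"Referer": "https://attacker.example/owa-lure.html"},
        "form": {"rule": "forward all mail to attacker@attacker.example"},
    }


def legitimate_request(token):
    """A request submitted from the webmail page itself."""
    return {
        "cookies": {"sessionid": "sess-abc123"},
        "headers": {"Origin": OWA_ORIGIN},
        "form": {"rule": "move newsletters to Archive", "csrf": token},
    }


def demo():
    """Run both handlers against both requests; return status codes and state."""
    results = {}
    vuln = new_session_store()
    results["vuln_forged"] = add_rule_vulnerable(vuln, forged_request())
    results["vuln_rules"] = list(vuln["sess-abc123"]["rules"])
    hard = new_session_store()
    token = issue_csrf_token(hard, "sess-abc123")
    results["hard_forged"] = add_rule_hardened(hard, forged_request())
    results["hard_legit"] = add_rule_hardened(hard, legitimate_request(token))
    results["hard_rules"] = list(hard["sess-abc123"]["rules"])
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The token check is the primary control; the Origin/Referer comparison is defence in depth only, since some browsers and proxies strip Referer, and a missing header should be rejected rather than trusted.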
Affected Products
This vulnerability exists in Microsoft Exchange Server versions 2003 SP1, 2007 SP1, and 2007 SP2.
Solution
Check Point IPS Software Blade provides immediate network protection in the latest IPS Update by detecting and blocking attempts to exploit this vulnerability. For more information, see CPAI-2010-268.
Published September 14, 2010