Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2007-0220 | First vendor Publication | 2007-05-08 |
Vendor | Cve | Last vendor Modification | 2020-04-09 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label". |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0220 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1371 | |||
Oval ID: | oval:org.mitre.oval:def:1371 | ||
Title: | Outlook Web Access Script Injection Vulnerability | ||
Description: | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label". | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-0220 | Version: | 2 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Exchange Server |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
34389 | Microsoft Exchange Outlook Web Access (OWA) Attachment Script Injection Exchange Server contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered by incorrect handling of a UTF character set label by Outlook Web Access. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2007-05-10 | IAVM : 2007-A-0031 - Multiple Vulnerabilities in Microsoft Exchange Severity : Category I - VMSKEY : V0014220 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | login literal format string attempt RuleID : 2665-community - Revision : 13 - Type : PROTOCOL-IMAP |
2014-01-10 | login literal format string attempt RuleID : 2665 - Revision : 13 - Type : PROTOCOL-IMAP |
2014-01-10 | Microsoft Windows Exchange MODPROPS denial of service attempt RuleID : 21776 - Revision : 8 - Type : SERVER-MAIL |
2014-01-10 | Microsoft Exchange MODPROPS denial of service PoC attempt RuleID : 14742 - Revision : 5 - Type : SPECIFIC-THREATS |
2014-01-10 | Microsoft Exchange Server MIME base64 decoding code execution attempt RuleID : 12028 - Revision : 8 - Type : SERVER-MAIL |
2014-01-10 | Exchange MODPROPS denial of service attempt RuleID : 11222 - Revision : 9 - Type : SMTP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-05-08 | Name : Arbitrary code can be executed on the remote host through the email server. File : smb_nt_ms07-026.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:05:54 |
|
2021-04-22 01:06:26 |
|
2020-05-23 00:19:07 |
|
2018-10-16 21:19:46 |
|
2018-10-13 00:22:36 |
|
2017-10-11 09:23:49 |
|
2017-07-29 12:01:57 |
|
2016-06-28 16:05:11 |
|
2016-04-26 15:37:37 |
|
2014-02-17 10:38:37 |
|
2013-11-11 12:37:39 |
|
2013-05-11 00:40:30 |
|