[原文]An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
[CNNVD]Microsoft Exchange 2000 Server的Outlook Web Access (OWA) service与Internet Explorer 交互脚本执行漏洞(CNNVD-200107-147)
Microsoft Exchange 2000 Server的Outlook Web Access (OWA) service与Internet Explorer的交互存在漏洞。攻击者可以借助包含HTML代码的消息附件执行违反用户邮箱的恶意脚本代码，该漏洞会自动执行。
Exchange contains a flaw that may allow a malicious user to cause a victim to run arbitrary code. The issue is triggered when a specially crafted mail attachment is sent to a Microsoft Exchange user who is known to access OWA with Internet Explorer. The Outlook Web Access component of Exchange requires that scripting be enabled when using Internet Explorer to access a mailbox, and an attachment can be crafted to contain executable code. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.