Outlook Web Access is prone to a remote URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.
A successful exploit may aid in phishing attacks.
OWA 6.5 SP 2 is vulnerable; other versions may also be affected.
Information
Microsoft Exchange Server 2003 SP1
Microsoft Exchange Server 2003
Exploit
An attacker can exploit this issue by enticing an unsuspecting victim into following a malicious URI.
The following example URIs demonstrate the issue:
https://webmail.example.com/exchweb/bin/redir.asp?URL=http://www.example2.com
https://webmail.example.com/CookieAuth.dll?GetLogon?url=%2Fexchweb%2Fbin%2Fredir.asp%3FURL%3Dhttp%3A%2F%2Fwww.example2.com&reason=0
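As an added, defender-side example (not part of this advisory), the following Python code extracts the redir.asp URL= target from web server request lines, including the percent-encoded form nested inside the CookieAuth.dll GetLogon url= parameter, and flags any request whose target leaves the organisation's own host. The allowed host, the IIS W3C field order and the sample log lines are assumptions constructed for the example.

```python
from urllib.parse import urlsplit, parse_qs
# Assumption: the organisation's own OWA host; any other host is an off-site redirect.
ALLOWED_HOSTS = {"webmail.example.com"}

def _params(query):
    # Query string -> dict with lower-cased keys, first value only (percent-decoded)
    return {k.lower(): v[0] for k, v in parse_qs(query).items()}

def redirect_target(request_uri):
    """Return the URL= value handed to /exchweb/bin/redir.asp, or None. Covers the
    direct form and CookieAuth.dll?GetLogon?url=<encoded redir.asp request>."""
    parts = urlsplit(request_uri)
    path = parts.path.lower()
    if path.endswith("/exchweb/bin/redir.asp"):
        return _params(parts.query).get("url")
    if path.endswith("/cookieauth.dll"):
        # query is "GetLogon?url=<encoded redir.asp request>&reason=0"
        inner = _params(parts.query.partition("?")[2])
        if "url" in inner:
            return redirect_target(inner["url"])  # already decoded by parse_qs
    return None

def is_external(target):
    """True when target leaves ALLOWED_HOSTS (absolute URL or protocol-relative //host)."""
    t = urlsplit(target.strip())
    if not t.netloc:
        return False  # relative path stays on the OWA host
    return (t.hostname or "").lower() not in ALLOWED_HOSTS

def flag_external_redirects(log_lines):
    """Scan IIS W3C-style lines (date time method uri-stem uri-query ...) -> [(line_no, target)]."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        fields = line.split()
        if len(fields) < 5:
            continue
        stem, query = fields[3], fields[4]
        uri = stem if query == "-" else f"{stem}?{query}"
        target = redirect_target(uri)
        if target and is_external(target):
            hits.append((n, target))
    return hits

# Constructed sample log lines (not from a real server), in IIS W3C field order.
SAMPLE_LOG = [
    "2006-01-10 09:00:01 GET /exchweb/bin/redir.asp URL=https://webmail.example.com/exchange/ 302",
    "2006-01-10 09:00:05 GET /exchweb/bin/redir.asp URL=http://www.example2.com 302",
    "2006-01-10 09:00:09 GET /CookieAuth.dll GetLogon?url=%2Fexchweb%2Fbin%2Fredir.asp%3FURL%3Dhttp%3A%2F%2Fwww.example2.com&reason=0 200",
    "2006-01-10 09:00:12 GET /exchange/ - 200",
]
```

Running `flag_external_redirects(SAMPLE_LOG)` flags lines 2 and 3; the same `is_external` check, applied server-side before redirecting, is the mitigation the advisory's description implies.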
References:
- Exchange Server Home Page (Microsoft)
- MS OWA 2003 Redirection Vulnerability (Martin Suess)
- Re: MS OWA 2003 Redirection Vulnerability - [MSRC 7368br] (Davide Del Vecchio)
- Re: Re: MS OWA 2003 Redirection Vulnerability - [MSRC 7368br] ("Giuseppe Gottardi")