3rd August 2010
After receiving a recent submission affecting OWA 2007, we have been eyeing a proper environment to test it out. With Exchange 2007 installed on Windows Server 2008 and OWA in place, we started our trusted bt4 webserver and put the malicious HTML file there. For good measure we decided to attack a logged-in OWA user on a Windows 7 machine.
It is worth remembering that since this is a CSRF-type exploit, we would need to convince the target user to visit our malicious HTML page by some other means (an encoded URL link in an email, etc.) while they still hold a valid OWA session.
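The reason the attack needs a logged-in victim is that the browser attaches the victim's session cookie to the cross-site request automatically, so the server cannot tell the forged request from a legitimate one by the cookie alone. The following added example (written for this note, not code from the original post or from Microsoft) shows the two checks a web application can apply to a state-changing request to close that gap: an Origin/Referer check against the application's own origin, and a per-session anti-CSRF token compared in constant time. The origin `https://mail.example.test`, the cookie name `session`, the form field `csrf_token` and the request dictionaries are all constructed for the example.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumed origin of our own web application (constructed for this example).
ALLOWED_ORIGIN = "https://mail.example.test"


def issue_csrf_token(session_id, secret):
    """Derive a per-session anti-CSRF token (HMAC of the session id).

    The token is embedded in our own forms; an attacker-controlled page on
    another origin cannot read it, so it cannot include it in a forged POST.
    """
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def _origin_of(url):
    """Reduce a URL (Origin or Referer header value) to scheme://host[:port]."""
    parts = urlsplit(url)
    return "{}://{}".format(parts.scheme, parts.netloc).lower()


def check_state_changing_request(headers, cookies, form, secret):
    """Decide whether a state-changing (POST) request really came from our pages.

    headers, cookies and form are plain dicts standing in for a framework's
    request object. Returns (allowed, reason).
    """
    lowered = {k.lower(): v for k, v in headers.items()}

    session_id = cookies.get("session")
    if not session_id:
        return False, "no session cookie"

    # Check 1: browsers send Origin (or at least Referer) on cross-site POSTs.
    # A request that carries neither is treated as suspicious, not as trusted.
    source = lowered.get("origin") or lowered.get("referer")
    if not source:
        return False, "missing Origin/Referer"
    if _origin_of(source) != ALLOWED_ORIGIN:
        return False, "cross-origin request from " + _origin_of(source)

    # Check 2: the synchronizer token bound to this session, compared in
    # constant time so the comparison itself leaks nothing.
    expected = issue_csrf_token(session_id, secret)
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(expected, supplied):
        return False, "missing or invalid CSRF token"

    return True, "ok"


# Constructed sample traffic: a secret, a victim session, and three requests.
SECRET = b"server-side-secret-for-example-only"
VICTIM_COOKIES = {"session": "abc123"}


def legitimate_request():
    """Our own form posts back with the token it was issued."""
    return check_state_changing_request(
        {"Origin": ALLOWED_ORIGIN, "Referer": ALLOWED_ORIGIN + "/owa/"},
        VICTIM_COOKIES,
        {"csrf_token": issue_csrf_token("abc123", SECRET)},
        SECRET,
    )


def forged_request():
    """A page on another host auto-submits a form; the browser still attaches
    the victim's cookie, but the Origin gives the source away."""
    return check_state_changing_request(
        {"Origin": "http://192.0.2.10", "Referer": "http://192.0.2.10/page.html"},
        VICTIM_COOKIES,
        {},
        SECRET,
    )


def same_origin_stale_token():
    """Right origin but a token for a different session: still rejected."""
    return check_state_changing_request(
        {"Origin": ALLOWED_ORIGIN},
        VICTIM_COOKIES,
        {"csrf_token": issue_csrf_token("someone-else", SECRET)},
        SECRET,
    )


if __name__ == "__main__":
    for name, fn in [("legitimate", legitimate_request),
                     ("forged", forged_request),
                     ("stale token", same_origin_stale_token)]:
        print(name, fn())
```

Both checks are kept because each covers a case the other misses: the Origin check catches a forged request even if a token ever leaks, and the token check catches a request whose Origin and Referer headers were stripped or suppressed on the way in.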