Microsoft Outlook 2003 - Web Access Login Form Remote URI redirection

EDB-ID:

25084




Platform:

ASP

Date:

2005-02-07


source: https://www.securityfocus.com/bid/12459/info

A remote URI-redirection vulnerability affects Microsoft Outlook Web Access. This issue occurs because the application fails to properly sanitize URI-supplied data.

An attacker may leverage this issue to carry out convincing phishing attacks against unsuspecting users by causing an arbitrary page to be loaded when the Microsoft Outlook Web Access login form is submitted. 

https://owa.example.com/exchweb/bin/auth/owalogon.asp?url=http://www.example.net
https://owa.example.com/exchweb/bin/auth/owalogon.asp?url=http://3221234342/