source: https://www.securityfocus.com/bid/8113/info OWA contains a vulnerability that may result in attacker-supplied script code executing within the context of the mail interface when processing e-mail containing HTML message attachments. It is possible to prevent filtering of the attachment by omitting a certain URI parameter from a generated URL. If did parameter does not exist, no filtering will be performed. Unfiltered, the script code will execute if embedded in an HTML email opened by a user.
http://www.ilikemarijuana.com