CVE-2008-1547

Name of the Vulnerable Software and Affected Versions Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638)

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter. This can be exploited by including a malicious URL in the URL parameter of the /exchweb/bin/redir.asp API endpoint.

Recommendations For Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2, consider restricting access to the /exchweb/bin/redir.asp API endpoint until a fix is available. Avoid using the URL parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.