CVE-2010-3213

Name of the Vulnerable Software and Affected Versions Microsoft Outlook Web Access versions 2007 through SP2

Description A cross-site request forgery issue allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests. This can be demonstrated by setting the auto-forward rule.

Recommendations For Microsoft Outlook Web Access versions 2007 through SP2, consider disabling the auto-forward rule setting as a temporary workaround until a patch is available. Restrict access to the owa/ev.owa module to minimize the risk of exploitation.