Intrusion Prevention

MS.Outlook.Web.Access.Login.Form.URI.Redirection

Description

This indicates an attempt to exploit a remote URI Redirection vulnerability in Microsoft Exchange Server 2003.
The vulnerability is caused by the application's failure to sanitize user supplied input. A successful attack may allow the attacker to load arbitrary pages when the Microsoft Outlook Web Access login form is submitted.

Affected Products

Microsoft Exchange Server 2003 SP1
Microsoft Exchange Server 2003

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Upgrade to the latest version, available from the website.
http://www.microsoft.com/exchange/en-us/default.aspx

CVE References

CVE-2005-0420