Microsoft Outlook Web Access Vulnerability

October 15, 2008; Martin Suess

The vulnerability affects the Outlook Web Access application for Microsoft Exchange 2003. A valid user can be redirected to a malicious website by clicking on a specially crafted URL, which can be sent to the user by email. If the user is already logged in, the redirect happens instantly; if not, the login page is displayed and the redirect happens after a successful login. An attacker can use this to send the user to a phishing website that shows a faked login screen and captures the user's logon credentials as soon as the user tries to log in on the faked site.
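
The following added example (not part of the original advisory and not Microsoft's code) shows how a web application can validate a post-login redirect target so the browser stays on its own origin. The host name, default path and function names are assumptions, and the sample targets are constructed.

```python
from urllib.parse import urlsplit

# Assumptions (not from the advisory): the origin the webmail is served from
# and the landing path used when a requested target is rejected.
TRUSTED_SCHEME = "https"
TRUSTED_HOST = "mail.example.com"   # constructed sample host
DEFAULT_TARGET = "/"


def safe_redirect_target(raw):
    """Return `raw` only if following it keeps the browser on the trusted origin."""
    if not raw:
        return DEFAULT_TARGET
    # Browsers drop tab/CR/LF and read "\" as "/", so "/\host" can leave the
    # site. Reject whitespace, control characters and backslashes outright.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F or c == "\\" for c in raw):
        return DEFAULT_TARGET
    try:
        parts = urlsplit(raw)
    except ValueError:              # e.g. malformed IPv6 literal
        return DEFAULT_TARGET
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept a single-slash absolute path only.
        # "//host/..." and "///host" are read as another host by browsers.
        if raw.startswith("/") and not raw.startswith("//"):
            return raw
        return DEFAULT_TARGET
    # Absolute URL: scheme and the whole authority must match exactly, which
    # also rejects userinfo forms such as "https://mail.example.com@other/".
    if parts.scheme.lower() == TRUSTED_SCHEME and parts.netloc.lower() == TRUSTED_HOST:
        return raw
    return DEFAULT_TARGET


def check_samples():
    """Run the validator over constructed targets; returns {input: result}."""
    samples = [
        "/inbox?folder=Drafts",
        "https://mail.example.com/inbox",
        "http://phish.example/login",
        "//phish.example/login",
        "/\\phish.example/login",
        "https://mail.example.com@phish.example/",
        "https://mail.example.com.phish.example/",
        "https:phish.example",
    ]
    return {s: safe_redirect_target(s) for s in samples}
```
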
