Microsoft Outlook Web Access HTML Attachment Script Execution Vulnerability

Microsoft Outlook Web Access HTML Attachment Script Execution Vulnerability

OWA contains a vulnerability that may result in attacker-supplied script code executing within the context of the mail interface when processing e-mail containing HTML message attachments.

It is possible to prevent filtering of the attachment by omitting a certain URI parameter from a generated URL.

If did parameter does not exist, no filtering will be performed. Unfiltered, the script code will execute if embedded in an HTML email opened by a user.