Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
Software | From | Fixed in |
---|---|---|
microsoft / outlook_web_access | 2007 | 2007.x |
microsoft / outlook_web_access | 2007-sp1 | 2007-sp1.x |
microsoft / outlook_web_access | 2007-sp2 | 2007-sp2.x |