According to some security-related mailing lists, a vulnerability in Microsoft Outlook Web Access allows malicious attackers to redirect the login to any URL they wish. This allows the attacker to force the user to the site of the attackers choosing enabling the attacker to use social engenering and phishing style of attacks. An attacker could gather known user email address for a company
that uses OWA. Microsoft knows about this, but apparently there hasn’t been an update as yet.
By appending an obfuscated redirected url with a encoded url such as http://[owa-host]/exchweb/bin/auth/owalogon.asp?url=http://3221234342/
this will take the user to http://example.com when the login box is pressed, and a user is more likely to trust the url. This would be used to send a link to the trusted login. The attacker can then have a page to capture the user / password and redirect back to the original login page or some other form of phishing attack ( or other trusted URL attacks )