CVE-2005-0420

Microsoft Exchange Server - Open Redirect via OWA Login Page

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0420. PoCs published by Morning Wood.

AI-analyzed exploit summary This exploit demonstrates a URI-redirection vulnerability in Microsoft Outlook Web Access (OWA) by crafting malicious URLs that redirect users to arbitrary domains upon login form submission. The issue stems from insufficient sanitization of the 'url' parameter in the 'owalogon.asp' script.

Description

Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Morning Wood · textwebappsasp

https://www.exploit-db.com/exploits/25084

View Code ZIP pw:eip

This exploit demonstrates a URI-redirection vulnerability in Microsoft Outlook Web Access (OWA) by crafting malicious URLs that redirect users to arbitrary domains upon login form submission. The issue stems from insufficient sanitization of the 'url' parameter in the 'owalogon.asp' script.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Outlook Web Access (OWA) for Exchange Server

No auth needed

Prerequisites: Access to a vulnerable OWA instance · Ability to craft and deliver malicious URLs to victims

MITRE ATT&CK

T1566.002 - Spearphishing Link

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit, Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/14144

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/lists/fulldisclosure/2005/Feb/0106.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/19225

Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/12459

Permissions Required vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2005/0105

Scores

EPSS 0.2556

EPSS Percentile 97.7%

Details

CWE

CWE-601

Status published

Products (1)

microsoft/exchange_server 2003 (2 CPE variants)

Published Apr 27, 2005

Tracked Since Feb 18, 2026