Microsoft Outlook Web Access vulnerabilities

CVE-2010-3213 [MEDIUM] CWE-352 CVE-2010-3213: Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 th Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.

CVE-2005-1052 [MEDIUM] CVE-2005-1052: Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated add Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.