Microsoft Outlook Web Access is vulnerable to an HTML code injection/cross site scripting attack. A malicous user could craft a mail containing HTML and Javascript code. Such code could be used to steal session information from the victims cookies, and thus enable the attacker to get access to the victim's emails.
dccfbc946917b8c4d45a7217924d48a440d871a4d69d0cbdf997231cd6903b20