Question : URL Injection flaw - OWA 2003

Good afternoon Gurus:

Well, I've worked hard at it, but I have a final issue with my PCI Compliance network scan. Apparently there is a long-standing flaw with OWA 2003 that exposes it to URL injection hacks, and it was picked up on my PCI scan:

Synopsis : The remote web server is vulnerable to a URL injection vulnerability. Description : The remote host is running Microsoft Outlook Web Access 2003. Due to a lack of sanitization of the user input, the remote version of this software is vulnerable to URL injection which can be exploited to redirect a user to a different, unauthorized web server after authenticating to OWA. This unauthorized site could be used to capture sensitive information by appearing to be part of the web application.


I've scoured the internet for a patch; MS says to "upgrade to Exchange 2007", to which my comment is: yeah, right, here's more $$.

Any ideas or has anyone successfully patched this issue?
You'll notice there is a link to the advisory and there is no official

Answer : URL Injection flaw - OWA 2003

I have found a fix for this & have tested it. I'm using Exchange 2003 & OWA with FBA.
Here's the fix:
=================================================================================
Workaround: I have found a simple workaround for this bug. logon.asp uses user input without verification. There are two lines in the code:

redirectPath = Request.QueryString("url")
redirectPath = Server.HTMLEncode(redirectPath)

If you set the "url" string statically in this code, then user input for the "url" parameter is ignored. Or, simply, if you comment out these two lines, it redirects you to the default server page without looking at the user-supplied "url".
Regards, Serkan Erayabakan - author of this fix
==================================================================================
I used the second part of Serkan's workaround & commented out the 2 redirect path lines.
This worked like a charm.
The test I used came from Donnie Werner (exploitlabs.com), https://owa.domain.com/exchweb/bin/auth/owalogon.asp?url=https://google.com
where owa.domain.com is your Outlook Web Access URL.
Before the fix, I was redirected to Google.com.
After the fix, I logged into OWA normally, & the Google redirect was ignored.

Hope this helps towards your PCI Compliance
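As an added example (Python, not the poster's or Microsoft's code), this is the check a hardened logon.asp would need in place of passing the "url" value straight through: accept only a rooted path on the OWA host and fall back to a fixed default otherwise, with a small pass over constructed IIS-style log lines showing which requests the unpatched code would have redirected off-host. The default path `/exchange/` and the log line layout are assumptions.

```python
from urllib.parse import parse_qs, unquote, urlsplit

DEFAULT_TARGET = "/exchange/"   # assumed post-logon landing path (not from the page)


def safe_redirect_target(url_param, default=DEFAULT_TARGET):
    """Return url_param only if it is a plain path on this host, else `default`.
    This is the decision logon.asp must make instead of trusting Request.QueryString("url")."""
    if not url_param:
        return default
    candidate = unquote(url_param).strip()          # decode %2F%2F -> // before checking
    # CR/LF or other control characters could alter the Location header
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in candidate):
        return default
    # IIS accepts backslash as a path separator, so "/\evil" would resolve as "//evil"
    if "\\" in candidate:
        return default
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:                # https://host, javascript:, //host
        return default
    # a single-slash rooted path only; "//" and "///" are host-relative to browsers
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default
    return candidate


def flag_redirect_probes(log_lines):
    """Return the `url` values in IIS-style log lines that the check above rejects,
    i.e. requests like the scanner's test that the old code would have redirected off-host."""
    flagged = []
    for line in log_lines:
        fields = line.split()                       # method, uri-stem, uri-query
        if len(fields) < 3 or "owalogon.asp" not in fields[1].lower():
            continue
        for value in parse_qs(fields[2]).get("url", []):
            if safe_redirect_target(value) != value:
                flagged.append(value)
    return flagged


# Constructed sample log lines (method uri-stem uri-query), not from a real server
SAMPLE_LOG = [
    "GET /exchweb/bin/auth/owalogon.asp url=https://google.com",
    "GET /exchweb/bin/auth/owalogon.asp url=%2Fexchange%2F",
    "GET /exchweb/bin/auth/owalogon.asp url=//evil.example",
    "GET /exchange/inbox -",
]
```

Rejecting absolute URLs also drops same-host absolute links such as `https://owa.domain.com/exchange/`, which is the intended trade-off: the landing page is always reached by path.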