A vulnerability exists in Exchange Server 2003 that can lead to "privilege escalation". The problem is due to a bug in the handling of NTLM authentication in Outlook Web Access. Using NTLM rather than Kerberos may lead to users gaining access to the wrong mailbox.
Affected Software:
Microsoft Exchange Server 2003
Read the bulletin at http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-002.asp