The vulnerability exists due to improper validation of URLs that redirect users from the Forefront Unified Access Gateway (UAG) to third-party sites.
An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to follow a malicious URL. The URL could be constructed in such a way that the user would first access the UAG interface and then be redirected to a third-party website without the user's knowledge, assisting in a spoofing attack.
To expand upon the exploit, the attacker could construct the untrusted website in such a way as to mimic the UAG interface, prompting the user to enter the credentials normally used to log in to the UAG application. If successful, the spoofing attack could allow the attacker to capture the user's authentication credentials.
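The class of check whose absence is described above, written as an added example (not code from the advisory, from UAG, or from the vendor's fix): a redirect target is accepted only if it is a rooted same-site path or an HTTPS URL to an allowlisted host. The host names, the `is_safe_redirect` and `rejected` helpers, and the sample targets are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts the gateway is permitted to redirect to (constructed values).
ALLOWED_HOSTS = frozenset({"uag.example.com", "portal.example.com"})

def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """True only for rooted same-site paths or https URLs to allowlisted hosts."""
    if not target or target != target.strip():
        return False
    # Browsers treat "\" as "/" and drop tabs/newlines, so reject them outright.
    if any(c == "\\" or ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        # Relative form: allow "/path", refuse "//host" style targets.
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme != "https" or port not in (None, 443):
        return False
    # "https://trusted@other-host/" puts the trusted name in userinfo, not host.
    if parts.username is not None or parts.password is not None:
        return False
    # Exact host match; suffix or substring matching would accept look-alikes.
    return (parts.hostname or "") in allowed_hosts

def rejected(targets):
    """Return the targets that must not be followed, in input order."""
    return [t for t in targets if not is_safe_redirect(t)]

# Constructed sample targets, as they might arrive in a redirect parameter.
SAMPLES = [
    "/portal/home",
    "https://uag.example.com/portal",
    "//login.example.net/uag",
    "https://uag.example.com@login.example.net/",
    "https://uag.example.com.login.example.net/",
    "/\\login.example.net",
    "http://uag.example.com/",
]

if __name__ == "__main__":
    for t in SAMPLES:
        print("allow " if is_safe_redirect(t) else "reject", t)
```

A target that fails the check is best replaced with a fixed landing page on the gateway rather than passed through after an interstitial.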