He attached an explanatory PDF with his note, which described the behavior of Microsoft Autodiscover protocol when email client software tries to add a new Exchange account. His proof-of-concept exploit code, which affected Outlook (both Mac and PC), default email apps for Android and iOS, Apple Mail for Mac OS X, and others, consisted of 11 lines of PHP, though he insisted the exploit probably could have been reduced to three lines.
