Microsoft Security Advisory MS01-047 - A vulnerability in Microsoft Exchange 5.5 allows attackers to retrieve email addresses from the global address list (GAL) by sending a properly formatted request to the back-end function that actually performs the search. Microsoft FAQ on this issue available here.
18c4b6c3eb44aecc71e6e6a57632aab76dbf4ce6192e8552ad1c1945bbe99e0c