The phone would have to recognize that an exe file is an executable for your theory to work otherwise it will not even install or execute on the phone.
My iphone and my sons android device does not know how to handle an executable file for installation, and I am not sure on Windows Powered phones, but I am confident that those phones do not know how to handle executable files such as .exe.
Only way to exploit the exchange server would be from a Windows Machine with the capability to execute executable files or to DDoS them.
Yeh i wasnt really talking about execution using a exe binary on a phone, im talking about someone stealing credentials over bluetooth from a iphone/android (Or physically taking ownership long enough to steal the credentials XML used in plain text by apple (Yes its a flaw)) and then using that to login to exchange OWA or through RDP (If the user has dial in access granted through Active Directory) and then distributign through email URL's/drive by downlaods. Once you have a phone in your hands and its hooked up to your wifi, packet sniffing to obtain credentials is even more easy. As far as im concerned, once the damage has been done i coudlnt give a rats a$$, i would want to know how it got explotied in the first place and generally thats through measures that need to be understood by all employees IE(Dont stick a USB drive in thats says "Awsome Porn" on it sitting on the hotel table when traveling for sales), i even knew one hacker that "claims" he accessed parlimentarian data from laptops because he scattered USB sticks around Canberra (Australia) near parliment house in the hope of some dufess minister sticking it in their laptops, curiosity will always be an attack vector for compromising a server/data centre.
But getting back to the main point about a virus executing from mailstore, no thats near on impossible. You would have to exploit OWA first (Which with a simple google search can get some very nice results to /vti_). There are files though that on the last few bytes execute a self extraction (Symantec EPM updates), so i woudl also assume that it could self execute a trojan once the HTML body of a message has been viewed (Speculation at this stage).
Anyway i could on and on about how this but its best left out of these forums lol.