CVE-2001-0726 - Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does no

CVE-2001-0726

Summary

Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message.

References

http://www.osvdb.org/5557
http://www.securityfocus.com/bid/3650
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-057
https://exchange.xforce.ibmcloud.com/vulnerabilities/7663

Vulnerable Configurations

cpe:2.3:a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 09-04-2020 - 13:46)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	3650
osvdb	5557
xf	exchange-owa-embedded-script-execution(7663)

Last major update

09-04-2020 - 13:46

Published

06-12-2001 - 05:00

Last modified

09-04-2020 - 13:46