CVE-2010-3213

Currently unrated

Key Information:

Vendor: Microsoft
Status: Outlook Web Access
Vendor: CVE Published:; 7 September 2010

Summary

Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.

References

http://www.securityfocus.com/bid/41462

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/60164

vdb-entryx_refsource_XF

http://sites.google.com/site/tentacoloviola/pwning-corpor...

x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 7, 2010
Vulnerability Reserved
Sep 3, 2010

Collectors

NVD DatabaseMitre Database