CVE-2010-3213

Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.

Published: Sep 7, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-3213
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
microsoft / outlook_web_access	2007-sp1	2007-sp1.x
microsoft / outlook_web_access	2007	2007.x
microsoft / outlook_web_access	2007-sp2	2007-sp2.x

http://sites.google.com/site/tentacoloviola/pwning-corporate-webmails
http://www.exploit-db.com/exploits/14285
http://www.securityfocus.com/bid/41462
https://exchange.xforce.ibmcloud.com/vulnerabilities/60164

Vulnerability Database

289,697

CVE-2010-3213