Vulnerability Description
Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Exchange Server | 5.5 |
References
- http://www.osvdb.org/5557Broken Link
- http://www.securityfocus.com/bid/3650Third Party AdvisoryVDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-05PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7663Third Party AdvisoryVDB Entry
- http://www.osvdb.org/5557Broken Link
- http://www.securityfocus.com/bid/3650Third Party AdvisoryVDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-05PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7663Third Party AdvisoryVDB Entry
FAQ
What is CVE-2001-0726?
CVE-2001-0726 is a vulnerability with a CVSS score of 7.5 (HIGH). Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actio...
How severe is CVE-2001-0726?
CVE-2001-0726 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0726?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Exchange Server.