7.5

CVE-2001-0340

EPSS 7.39%
Published 21.07.2001 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Exchange Server Version5.5 Update-

Microsoft ≫ Exchange Server Version2000 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	7.39%	0.914

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

http://www.ciac.org/ciac/bulletins/l-091.shtml

Broken Link

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-030

Patch

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/6652

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2001-0340

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2001-0340

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2001-0340

EUVD