Unrated severityNVD Advisory· Published Sep 7, 2010· Updated Apr 29, 2026

CVE-2010-3213

Description

Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.

Affected products

Microsoft/Outlook Web Access3 versions
cpe:2.3:a:microsoft:outlook_web_access:2007:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:outlook_web_access:2007:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:outlook_web_access:2007:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:outlook_web_access:2007:sp2:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sites.google.com/site/tentacoloviola/pwning-corporate-webmailsnvdExploit
www.exploit-db.com/exploits/14285nvdExploit
www.securityfocus.com/bid/41462nvdExploit
exchange.xforce.ibmcloud.com/vulnerabilities/60164nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000