Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message.
CVSS v2.0 Score
7.5
/ 10.0
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Information
- Published
- 6 déc. 2001
- Updated
- 16 avr. 2026
- Status
- Modified
- Source
- cve@mitre.org
Affected products
microsoft exchange server
Versions : 5.5
Weaknesses (CWE)
NVD-CWE-noinfo
References (8)
- http://www.osvdb.org/5557Broken Link
- http://www.securityfocus.com/bid/3650Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7663Third Party AdvisoryVDB Entry
- http://www.osvdb.org/5557Broken Link
- http://www.securityfocus.com/bid/3650Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7663Third Party AdvisoryVDB Entry
Monitor your products
Get automatic alerts for every new CVE affecting your equipment.