CVE-2001-0340

Published Jul 21, 2001

Last updated 12 days ago

CVSS info 7.5

Overview

Description
An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
Source
cve@mitre.org
NVD status
Modified
Products
exchange_server

Risk scores

CVSS 2.0

Type
Primary
Base score
7.5
Impact score
6.4
Exploitability score
10
Vector string
AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov
CWE-434

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.CVE-2026-21527
  2. User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.CVE-2025-64667
  3. Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.CVE-2025-64666
  4. Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.CVE-2025-59249
  5. Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.CVE-2025-59248

References

Sources include official advisories and independent security research.