CVE-2001-0340

Microsoft Exchange Server - Unrestricted File Upload

Title source: rule

Description

An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.

References (3)

[Broken Link] http://www.ciac.org/ciac/bulletins/l-091.shtml

[Patch, Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-030

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/6652

Scores

EPSS 0.0768

EPSS Percentile 91.8%

Classification

CWE

CWE-434

Status draft

Affected Products (2)

microsoft/exchange_server

Timeline

Published Jul 21, 2001

Tracked Since Feb 18, 2026