CVE-2010-3213

Microsoft Outlook Web Access <SP2 - CSRF

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3213. PoCs published by Rosario Valotta.

AI-analyzed exploit summary This is a CSRF exploit for Microsoft Outlook Web Access (OWA) for Exchange 2007, allowing an attacker to set auto-forward rules or remote wipe mobile devices via a crafted HTML form. The exploit leverages the lack of CSRF protections in OWA.

Description

Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Rosario Valotta · textwebappswindows
https://www.exploit-db.com/exploits/14285

This is a CSRF exploit for Microsoft Outlook Web Access (OWA) for Exchange 2007, allowing an attacker to set auto-forward rules or remote wipe mobile devices via a crafted HTML form. The exploit leverages the lack of CSRF protections in OWA.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Outlook Web Access (OWA) for Exchange 2007
Auth required
Prerequisites: Valid OWA session · Victim interaction to visit malicious page
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/41462
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/60164
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/14285

Scores

EPSS 0.0838
EPSS Percentile 94.3%

Details

CWE
CWE-352
Status published
Products (1)
microsoft/outlook_web_access 2007 (3 CPE variants)
Published Sep 07, 2010
Tracked Since Feb 18, 2026