Exploitation Summary
EIP tracks 1 public exploit for CVE-2010-3213. PoCs published by Rosario Valotta.
AI-analyzed exploit summary This is a CSRF exploit for Microsoft Outlook Web Access (OWA) for Exchange 2007, allowing an attacker to set auto-forward rules or remote wipe mobile devices via a crafted HTML form. The exploit leverages the lack of CSRF protections in OWA.
Description
Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
Exploits (1)
This is a CSRF exploit for Microsoft Outlook Web Access (OWA) for Exchange 2007, allowing an attacker to set auto-forward rules or remote wipe mobile devices via a crafted HTML form. The exploit leverages the lack of CSRF protections in OWA.