CVE-2001-0726

high

Microsoft

CVSS v3 Base Score

7.5

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Score

9.9%

Exploitation probability in 30 days

Top 7% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

Integrity

Availability

Published: December 6, 2001 (8925 days ago)

Last Modified: April 16, 2026

Vendor: Microsoft

Source: NVD

Description

Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message.

CWE

NVD-CWE-noinfo

Affected Products

microsoft exchange server

References

🔗 www.osvdb.org 🔗 www.securityfocus.com 🔗 docs.microsoft.com 🔗 exchange.xforce.ibmcloud.com 🔗 www.osvdb.org

CVE-2001-0726

Vulnerability Report

Description

CWE

Affected Products

References