Home / malwarePDF  


First posted on 21 April 2020.
Source: Microsoft

Aliases :

There are no other names known for Exploit:Win32/Owapwn.B.

Explanation :

Exploit:Win32/Owapwn.B exploits a vulnerability discussed in CVE-2010-3213 affecting Outlook Web Access 2007. This vulnerability was resolved in Outlook Web Access 2010, and Outlook Web Access 2007 Service Pack 3.  In this attack, an affected user receives a specially crafted email that exploits this vulnerability. For the vulnerability to be exploited, the affected user must open the malicious email in a vulnerable Outlook Web Access application.  If opened in a vulnerable application, the email simulates user input into Outlook Web Access. The Proof-of-Concept creates a new rule to forward the email to an external address, thus disclosing information.  Analysis by Chris Stubbs

Last update 21 April 2020