Home / malware
First posted on 21 April 2020.
There are no other names known for Exploit:Win32/Owapwn.B.
Exploit:Win32/Owapwn.B exploits a vulnerability discussed in CVE-2010-3213 affecting Outlook Web Access 2007. This vulnerability was resolved in Outlook Web Access 2010, and Outlook Web Access 2007 Service Pack 3. In this attack, an affected user receives a specially crafted email that exploits this vulnerability. For the vulnerability to be exploited, the affected user must open the malicious email in a vulnerable Outlook Web Access application. If opened in a vulnerable application, the email simulates user input into Outlook Web Access. The Proof-of-Concept creates a new rule to forward the email to an external address, thus disclosing information. Analysis by Chris Stubbs
Last update 21 April 2020