7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.2 High
AI Score
Confidence
High
0.152 Low
EPSS
Percentile
95.9%
Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
marc.info/?l=bugtraq&m=101760380418890&w=2
online.securityfocus.com/archive/1/265621
www.iss.net/security_center/static/8708.php
www.securityfocus.com/bid/4397
docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-021
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A205
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A429