Lucene search

K

MitreCVE-2004-0121

HistorySep 01, 2004 - 4:00 a.m.

CVE-2004-0121

2004-09-0104:00:00

CWE-88

mitre

web.nvd.nist.gov

42

cve-2004-0121

microsoft outlook 2002

argument injection vulnerability

nvd

security

vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

High

EPSS

0.718

Percentile

98.1%

Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.

Affected configurations

Nvd

Node

microsoftofficeMatchxpsp2

OR

microsoftoutlookMatch2002sp2

VendorProductVersionCPE
microsoftofficexpcpe:2.3:a:microsoft:office:xp:sp2:*:*:*:*:*:*
microsoftoutlook2002cpe:2.3:a:microsoft:outlook:2002:sp2:*:*:*:*:*:*

References

marc.info/?l=bugtraq&m=107893704602842&w=2

www.ciac.org/ciac/bulletins/o-096.shtml

www.idefense.com/application/poi/display?id=79&type=vulnerabilities

www.kb.cert.org/vuls/id/305206

www.securityfocus.com/bid/9827

www.us-cert.gov/cas/techalerts/TA04-070A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-009

exchange.xforce.ibmcloud.com/vulnerabilities/15414

exchange.xforce.ibmcloud.com/vulnerabilities/15429

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A843

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

High

EPSS

0.718

Percentile

98.1%

Related for CVE-2004-0121

nvd2 securityvulns2 cert1 cvelist2 nessus2 exploitdb1 checkpoint_advisories1 prion1 ubuntucve1 cve1 debiancve1 redhatcve1