CVE-2002-1056

2002-06-2504:00:00

mitre

www.cve.org

7.2 High

AI Score

Confidence

High

0.152 Low

EPSS

Percentile

95.9%

JSON

Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.

References

marc.info/?l=bugtraq&m=101760380418890&w=2

online.securityfocus.com/archive/1/265621

www.iss.net/security_center/static/8708.php

www.securityfocus.com/bid/4397

docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-021

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A205

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A429