Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0481


Vulnerability Score 5.1 5.1
CVE Id CVE-2002-0481
Last Modified 05 Sep 2008 04:28:08
Published 12 Aug 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE



An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.LaunchURL() Javascript function.

Vulnerable Systems


  • Microsoft Outlook 2002


BID - 4340

XF - outlook-iframe-javascript(8604)

BUGTRAQ - 20020321 How Outlook 2002 can still execute JavaScript in an HTML email message

Last Updated: 27 May 2016 10:36:56