Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0481

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2002-0481
Last Modified 05 Sep 2008 04:28:08
Published 12 Aug 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2002-0481

Summary

An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.LaunchURL() Javascript function.

Vulnerable Systems

Application

  • Microsoft Outlook 2002


References

BID - 4340

XF - outlook-iframe-javascript(8604)

BUGTRAQ - 20020321 How Outlook 2002 can still execute JavaScript in an HTML email message


Last Updated: 27 May 2016 10:36:56