Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1056

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1056
Last Modified 10 Sep 2008 03:13:48
Published 16 May 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1056

Summary

Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.

Vulnerable Systems

Application

  • Microsoft Outlook 2000

  • Microsoft Outlook 2002

  • Microsoft Word 2000

  • Microsoft Word 2002


References

MS - MS02-021

BID - 4397

XF - outlook-object-execute-script(8708)

BUGTRAQ - 20020403 More Office XP problems (Version 2.0)

BUGTRAQ - 20020331 More Office XP Problems


Last Updated: 27 May 2016 10:37:10