Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1378

Overview

Vulnerability Score 8.8 8.8
CVE Id CVE-2003-1378
Last Modified 05 Sep 2008 04:36:46
Published 31 Dec 2003 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2003-1378

Summary

Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.

Vulnerable Systems

Application

  • Microsoft Outlook 2000

  • Microsoft Outlook Express 6.0


References

XF - outlook-codebase-execute-programs(11411)

BID - 6923

BUGTRAQ - 20030224 Re: O UT LO OK E XPRE SS 6 .00 : broken

BUGTRAQ - 20030223 O UT LO OK E XPRE SS 6 .00 : broken


Last Updated: 27 May 2016 10:38:20