Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0121

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-0121
Last Modified 05 Sep 2008 04:37:35
Published 15 Apr 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0121

Summary

Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.

Vulnerable Systems

Application

  • Microsoft Office Xp

  • Microsoft Outlook 2002


References

CERT - TA04-070A

CERT-VN - VU#305206

BID - 9827

MS - MS04-009

IDEFENSE - 20040309 Microsoft Outlook "mailto:" Parameter Passing Vulnerability

XF - outlook-ms04009-patch(15429)

XF - outlook-mailtourl-execute-code(15414)

CIAC - O-096

BUGTRAQ - 20040310 Outlook mailto: URL argument injection vulnerability


Last Updated: 27 May 2016 10:38:28