Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0121


Vulnerability Score 7.5 7.5
CVE Id CVE-2004-0121
Last Modified 05 Sep 2008 04:37:35
Published 15 Apr 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.

Vulnerable Systems


  • Microsoft Office Xp

  • Microsoft Outlook 2002


CERT - TA04-070A

CERT-VN - VU#305206

BID - 9827

MS - MS04-009

IDEFENSE - 20040309 Microsoft Outlook "mailto:" Parameter Passing Vulnerability

XF - outlook-ms04009-patch(15429)

XF - outlook-mailtourl-execute-code(15414)

CIAC - O-096

BUGTRAQ - 20040310 Outlook mailto: URL argument injection vulnerability

Last Updated: 27 May 2016 10:38:28