Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0380

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0380
Last Modified 10 Sep 2008 03:26:08
Published 04 May 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0380

Summary

The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."

Vulnerable Systems

Application

  • Microsoft Outlook Express 5.5

  • Microsoft Outlook Express 6.0


References

CERT-VN - VU#323070

CERT - TA04-104A

BUGTRAQ - 20040328 IE ms-its: and mk:@MSITStore: vulnerability

BUGTRAQ - 20040219 Microsoft Internet Explorer Unspecified CHM File Processing Arbitrary Code Execution Vulnerability (bid 9658)

MS - MS04-013

XF - outlook-mhtml-execute-code(15705)

BID - 9658

MISC - http://www.k-otik.net/bugtraq/02.18.InternetExplorer.php

BID - 9105

SECUNIA - 10523


Last Updated: 27 May 2016 10:38:35