Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0501


Vulnerability Score 5.0 5.0
CVE Id CVE-2004-0501
Last Modified 05 Sep 2008 04:38:35
Published 18 Aug 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Outlook 2003 allows remote attackers to bypass intended access restrictions and cause Outlook to request a URL from a remote site via an HTML e-mail message containing a Vector Markup Language (VML) entity whose src parameter points to the remote site, which could allow remote attackers to know when a message has been read, verify valid e-mail addresses, and possibly leak other information.

Vulnerable Systems


  • Microsoft Outlook 2003


XF - outlook-vml-obtain-information(16116)

BID - 10323

BUGTRAQ - 20040511 PING: Outlook 2003 Spam

NTBUGTRAQ - 20040604 RE: PING: Outlook 2003 Spam

Last Updated: 27 May 2016 10:38:38