Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2137

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-2137
Last Modified 05 Sep 2008 04:43:18
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2137

Summary

Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information.

Vulnerable Systems

Application

  • Microsoft Outlook Express 6.0


References

XF - outlook-email-address-disclosure(17098)

MISC - http://www.networksecurity.fi/advisories/outlook-bcc.html

MSKB - 843555

SECTRACK - 1011067

SECUNIA - 12376

BID - 11040

OSVDB - 9167


Last Updated: 27 May 2016 10:39:21