Lucene search

[email protected]CVE-2002-1056

HistoryMay 16, 2002 - 4:00 a.m.

CVE-2002-1056

2002-05-1604:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2002-1056

microsoft outlook

email security

remote code execution

nvd

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.152 Low

EPSS

Percentile

95.8%

JSON

Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.

CPENameOperatorVersion
microsoft:outlookmicrosoft outlookeq2000
microsoft:wordmicrosoft wordeq2000
microsoft:wordmicrosoft wordeq2002
microsoft:outlookmicrosoft outlookeq2002

CPE	Name	Operator	Version
microsoft:outlook	microsoft outlook	eq	2000
microsoft:word	microsoft word	eq	2000
microsoft:word	microsoft word	eq	2002
microsoft:outlook	microsoft outlook	eq	2002

References

marc.info/?l=bugtraq&m=101760380418890&w=2

online.securityfocus.com/archive/1/265621

www.iss.net/security_center/static/8708.php

www.securityfocus.com/bid/4397

docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-021

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A205

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A429

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.152 Low

EPSS

Percentile

95.8%

JSON

Related for CVE-2002-1056

nessus1