Lucene search

[email protected]CVE-2004-0121

HistoryApr 15, 2004 - 4:00 a.m.

CVE-2004-0121

2004-04-1504:00:00

CWE-88

[email protected]

web.nvd.nist.gov

cve-2004-0121

microsoft outlook 2002

argument injection vulnerability

nvd

security

vulnerability

8.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.718 High

EPSS

Percentile

98.1%

JSON

Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.

CPENameOperatorVersion
microsoft:outlookmicrosoft outlookeq2002
microsoft:officemicrosoft officeeqxp

CPE	Name	Operator	Version
microsoft:outlook	microsoft outlook	eq	2002
microsoft:office	microsoft office	eq	xp

References

marc.info/?l=bugtraq&m=107893704602842&w=2

www.ciac.org/ciac/bulletins/o-096.shtml

www.idefense.com/application/poi/display?id=79&type=vulnerabilities

www.kb.cert.org/vuls/id/305206

www.securityfocus.com/bid/9827

www.us-cert.gov/cas/techalerts/TA04-070A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-009

exchange.xforce.ibmcloud.com/vulnerabilities/15414

exchange.xforce.ibmcloud.com/vulnerabilities/15429

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A843

8.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.718 High

EPSS

Percentile

98.1%

JSON

Related for CVE-2004-0121

checkpoint_advisories1 securityvulns2 cert1 nessus2 debiancve1 redhatcve1 prion1 ubuntucve1 cve1 cvelist1