Lucene search

[email protected]CVE-2004-2137

HistoryJun 14, 2005 - 4:00 a.m.

CVE-2004-2137

2005-06-1404:00:00

[email protected]

web.nvd.nist.gov

outlook express

email security

remote attack

cve-2004-2137

information leakage

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.039 Low

EPSS

Percentile

92.1%

JSON

Outlook Express 6.0, when sending multipart e-mail messages using the “Break apart messages larger than” setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information.

Affected configurations

NVD

Node

microsoftoutlook_expressMatch6.0

microsoftoutlook_expressMatch6.0sp1

CPENameOperatorVersion
microsoft:outlook_expressmicrosoft outlook expresseq6.0

CPE	Name	Operator	Version
microsoft:outlook_express	microsoft outlook express	eq	6.0

References

secunia.com/advisories/12376

securitytracker.com/id?1011067

support.microsoft.com/kb/843555

www.networksecurity.fi/advisories/outlook-bcc.html

www.osvdb.org/9167

www.securityfocus.com/bid/11040

exchange.xforce.ibmcloud.com/vulnerabilities/17098

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.039 Low

EPSS

Percentile

92.1%

JSON

Related for CVE-2004-2137

nvd1 cvelist1