Lucene search

[email protected]CVE-2004-2482

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2482

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-2482

microsoft outlook

microsoft word

email security

remote code execution

8.2 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.045 Low

EPSS

Percentile

92.3%

JSON

Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.

CPENameOperatorVersion
microsoft:outlookmicrosoft outlookeq2000
microsoft:outlookmicrosoft outlookeq2003

CPE	Name	Operator	Version
microsoft:outlook	microsoft outlook	eq	2000
microsoft:outlook	microsoft outlook	eq	2003

References

secunia.com/advisories/12041

www.osvdb.org/7769

www.securityfocus.com/archive/1/368492

www.securityfocus.com/bid/10683

exchange.xforce.ibmcloud.com/vulnerabilities/16663

8.2 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.045 Low

EPSS

Percentile

92.3%

JSON