{"type": "osvdb", "published": "2004-05-09T06:56:01", "href": "https://vulners.com/osvdb/OSVDB:5998", "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/", "score": 5.0}, "viewCount": 1, "edition": 1, "reporter": "http-equiv(http-equiv@excite.com\n)", "title": "Microsoft Outlook Predictable File Caching", "affectedSoftware": [{"operator": "eq", "version": "2003", "name": "Outlook"}], "enchantments": {"score": {"value": 5.9, "vector": "NONE", "modified": "2017-04-28T13:20:00", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-0502"]}, {"type": "exploitdb", "idList": ["EDB-ID:24101"]}], "modified": "2017-04-28T13:20:00", "rev": 2}, "vulnersScore": 5.9}, "references": [], "id": "OSVDB:5998", "lastseen": "2017-04-28T13:20:00", "cvelist": ["CVE-2004-0502"], "modified": "2004-05-09T06:56:01", "description": "## Vulnerability Description\nOutlook 2003 contains a flaw that may allow a malicious user to place potentially malicious content on a predictable location on the target's computer. The issue is triggered when malicious content is included in an <img> tag. This allows a cross-domain violation. Code on a remote web page can then open files on a local computer and execute arbitrary code with user-level security resulting in a loss of confidentiality, integrity, and/or availability.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nOutlook 2003 contains a flaw that may allow a malicious user to place potentially malicious content on a predictable location on the target's computer. The issue is triggered when malicious content is included in an <img> tag. This allows a cross-domain violation. Code on a remote web page can then open files on a local computer and execute arbitrary code with user-level security resulting in a loss of confidentiality, integrity, and/or availability.\n## Manual Testing Notes\n<img src=\"malware.htm\" style=\"display:none\"> \n## References:\nVendor URL: http://office.microsoft.com/home/office.aspx?assetid=FX01085793&CTT=6&Origin=ES790020011033\n[Secunia Advisory ID:11572](https://secuniaresearch.flexerasoftware.com/advisories/11572/)\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0389.html\nMail List Post: http://www.techsupportforum.com/computer/topic/17010-1.html\nMail List Post: http://archives.neohapsis.com/archives/secunia/2004-q2/0304.html\nMail List Post: http://www.coding-network.net/modules.php?name=News&file=article&sid=233\nISS X-Force ID: 16104\n[CVE-2004-0502](https://vulners.com/cve/CVE-2004-0502)\nBugtraq ID: 10307\n", "immutableFields": []}

{"cve": [{"lastseen": "2021-02-02T05:22:58", "description": "Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the \"src\" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shell: URI.", "edition": 4, "cvss3": {}, "published": "2004-08-18T04:00:00", "title": "CVE-2004-0502", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0502"], "modified": "2017-07-11T01:30:00", "cpe": ["cpe:/a:microsoft:outlook:2003"], "id": "CVE-2004-0502", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0502", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-02-02T22:31:16", "description": "Microsoft Outlook 2003 Predictable File Location Weakness. CVE-2004-0502. Remote exploit for windows platform", "published": "2004-05-10T00:00:00", "type": "exploitdb", "title": "Microsoft Outlook 2003 Predictable File Location Weakness", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-0502"], "modified": "2004-05-10T00:00:00", "id": "EDB-ID:24101", "href": "https://www.exploit-db.com/exploits/24101/", "sourceData": "source: http://www.securityfocus.com/bid/10307/info\r\n\r\nMicrosoft Outlook 2003 is reported to be prone to store files that are specified in img tags, in predictable locations. \r\n\r\nThis may present a security risk because many known (and potential) Internet Explorer vulnerabilities depend on the attacker being able to directly reference malicious content on a victim system. Given both the ability to place such content on the file system and reference it specifically by location, exploitation of many browser-based vulnerabilities becomes possible.\r\n\r\n<img src=\"malware.htm\" style=\"display:none\">", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/24101/"}]}