5 matches found
Command injection
Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters such as have an...
CVE-2017-5078
CVE-2017-5078 is listed in Arch Linux ASA-201707-4 as a vulnerability in qt5-webengine (Chromium-based) before 5.9.1-1, described as an arbitrary command execution via a possible command injection in the mailto handling component of the Chromium browser. The advisory indicates multiple issues in ...
CVE-2004-0121
Technical details about CVE-2004-0121 are not publicly available in the provided connected documents. The material only restates the issue in Outlook 2002 without specifics. Monitor for updates.
CVE-2004-0121
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs...
MS04-009: Vulnerability in Outlook could allow code execution (828040)
The remote host is running a version of outlook that could allow Internet Explorer to execute script code in the Local Machine zone and therefore let an attacker execute arbitrary programs on this host. To exploit this bug, an attacker would need to send an special HTML message to a user of this...