CVE-2002-1056
HIGH severity · CVSS 7.5
7.5CVSS HIGH
Summary
Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)19%
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://marc.info/?l=bugtraq&m=101760380418890&w=2
- http://online.securityfocus.com/archive/1/265621
- http://www.iss.net/security_center/static/8708.php
- http://www.securityfocus.com/bid/4397
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-021
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A205
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A429