CVE-2004-0121
HIGH severity · CVSS 7.5 · CWE-88
7.5CVSS HIGH
Summary
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)48%
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: http://www.idefense.com/application/poi/display?id=79&type=vulnerabilities ↗
Additional information
- NVD record
- http://www.idefense.com/application/poi/display?id=79&type=vulnerabilitiesPatch
- http://www.securityfocus.com/bid/9827Patch
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-009Patch
- http://www.kb.cert.org/vuls/id/305206Advisory
- http://marc.info/?l=bugtraq&m=107893704602842&w=2Advisory
- http://www.ciac.org/ciac/bulletins/o-096.shtml
- http://www.us-cert.gov/cas/techalerts/TA04-070A.htmlAdvisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15414Advisory