Vulnerability Details CVE-2004-0121
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.515
EPSS Ranking 97.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=107893704602842&w=2
- http://www.ciac.org/ciac/bulletins/o-096.shtml
- http://www.idefense.com/application/poi/display?id=79&type=vulnerabilities
- http://www.kb.cert.org/vuls/id/305206
- http://www.securityfocus.com/bid/9827
- http://www.us-cert.gov/cas/techalerts/TA04-070A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-009
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15414
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15429
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A843
- http://marc.info/?l=bugtraq&m=107893704602842&w=2
- http://www.ciac.org/ciac/bulletins/o-096.shtml
- http://www.idefense.com/application/poi/display?id=79&type=vulnerabilities
- http://www.kb.cert.org/vuls/id/305206
- http://www.securityfocus.com/bid/9827
- http://www.us-cert.gov/cas/techalerts/TA04-070A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-009
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15414
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15429
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A843