| Vulnerability Name: | CCN-16119 | ||||||
| Published: | 2004-05-11 | ||||||
| Updated: | 2004-05-11 | ||||||
| Summary: | Microsoft Outlook could allow a remote attacker to spoof a trusted Web page by altering the URL that is displayed in an email. A remote attacker could send a specially-crafted email containing a URL link to a legitimate Web site followed by an asterisk ( * ) and a URL link to a malicious site, which would cause only the URL prior to the asterisk to be displayed. The victim would be redirected to the malicious Web site, once the link is clicked. An attacker could use this vulnerability to trick unsuspecting users to visit a malicious Web site. | ||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||
| CVSS v2 Severity: | 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||
| Vulnerability Consequences: | Obtain Information | ||||||
| References: | Source: CCN Type: BugTraq Mailing List, Tue May 11 2004 - 08:48:03 CDT Hiding URLs from Outlook and other mail clients Source: CCN Type: OSVDB ID: 11960 Multiple Mail Client URL Asterisks Obfuscation Source: CCN Type: BID-10324 Multiple Mail Transfer Agent Embedded Hyperlink URI Obfuscation Variant Weakness Source: XF Type: UNKNOWN outlook-url-spoofing(16119) | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||