Vulnerability CVE-2001-0538

Vulnerability Name:

CVE-2001-0538 (CCN-6831)

Assigned:

2001-07-12

Published:

2001-07-12

Updated:

2018-10-12

Summary:

Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2001-0538

Source: BUGTRAQ
Type: UNKNOWN
20010712 MS Office XP - the more money I give to Microsoft, the more vulnerable my Windows computers are

Source: CCN
Type: CERT Advisory CA-2000-07
Microsoft Office 2000 UA ActiveX Control Incorrectly Marked "Safe for Scripting"

Source: CCN
Type: CERT Advisory CA-2000-12
HHCtrl ActiveX Control Allows Local Files to be Executed

Source: CCN
Type: CIAC Information Bulletin L-113
Microsoft Outlook View Control Exposes Unsafe Functionality

Source: CIAC
Type: UNKNOWN
L-113

Source: CCN
Type: Georgi Guninski Security Advisory #49
MS Office XP - the more money I give to Microsoft, the more vulnerable my Windows computers are

Source: CCN
Type: US-CERT VU#131569
Microsoft Outlook View Control allows execution of arbitrary code and manipulation of user data

Source: CERT-VN
Type: US Government Resource
VU#131569

Source: CCN
Type: Microsoft Security Bulletin MS01-038
Outlook View Control Exposes Unsafe Functionality

Source: CCN
Type: NTBugTraq Mailing List, Thu, 12 Jul 2001 14:58:28 -0400
Vulnerability in IE/Outlook ActiveX control

Source: NTBUGTRAQ
Type: UNKNOWN
20010712 Vulnerability in IE/Outlook ActiveX control

Source: CCN
Type: OSVDB ID: 1902
Microsoft Outlook View ActiveX Arbitrary Command Execution

Source: BID
Type: UNKNOWN
3025

Source: CCN
Type: BID-3025
Microsoft Outlook Unauthorized Email Access Vulnerability

Source: CCN
Type: BID-3026
Microsoft Outlook Arbitrary Code Execution Vulnerability

Source: MS
Type: UNKNOWN
MS01-038

Source: XF
Type: UNKNOWN
outlook-activex-view-control(6831)

Source: XF
Type: UNKNOWN
outlook-activex-view-control(6831)

Source: CCN
Type: Microsoft Knowledge Base Article 291407
OL2002: General Information About the Outlook View Control

Source: CCN
Type: Microsoft Knowledge Base Article 291791
OL2000: Outlook Update for Java Permissions Security

Vulnerable Configuration:

Configuration 1:

cpe:/a:microsoft:outlook:*:*:*:*:*:*:*:* (Version <= 2002)

Configuration CCN 1:

cpe:/a:microsoft:outlook:98:*:*:*:*:*:*:*

OR cpe:/a:microsoft:outlook:2000:*:*:*:*:*:*:*

OR cpe:/a:microsoft:outlook:2002:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK