Vulnerability Name: CVE-2002-1056 (CCN-8708)

Assigned: 2002-03-31
Published: 2002-03-31
Updated: 2018-10-12
Summary: Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:

Source: CCN
Type: BugTraq Mailing List, Wed Apr 03 2002 - 12:30:39 CST
RE: More Office XP problems

Source: MITRE
Type: CNA
CVE-2002-1056

Source: BUGTRAQ
Type: UNKNOWN
20020331 More Office XP Problems

Source: BUGTRAQ
Type: UNKNOWN
20020403 More Office XP problems (Version 2.0)

Source: CCN
Type: CIAC Information Bulletin M-073
Microsoft Outlook E-mail Editor Vulnerability

Source: CCN
Type: Georgi Guninski Security Advisory #53, 2002
More Office XP problems

Source: XF
Type: UNKNOWN
outlook-object-execute-script(8708)

Source: CCN
Type: Microsoft Security Bulletin MS02-021
E-mail Editor Flaw Could Lead to Script Execution on Reply or Forward (Q321804)

Source: CCN
Type: Microsoft Security Bulletin MS02-031
Cumulative Patches for Excel and Word for Windows (Q324458)

Source: CCN
Type: Microsoft Security Bulletin MS03-050
Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary Code to Run (831527)

Source: CCN
Type: OSVDB ID: 2061
Microsoft Outlook HTML Mail Script Execution

Source: BID
Type: UNKNOWN
4397

Source: CCN
Type: BID-4397
Microsoft Outlook HTML Mail Script Execution Vulnerability

Source: MS
Type: UNKNOWN
MS02-021

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:205

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:429

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:microsoft:outlook:2000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:outlook:2002:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:word:2000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:word:2000:sr1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:word:2000:sr1a:*:*:*:*:*:*
  • OR cpe:/a:microsoft:word:2002:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:microsoft:outlook:2000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:outlook:2002:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:205 | V | MS Outlook (Word 2000) RTF/HTML Script Execution Vulnerability | 2012-05-28
oval:org.mitre.oval:def:429 | V | MS Outlook (Word 2002) RTF/HTML Script Execution Vulnerability | 2012-05-28