Vulnerability CVE-2003-0007

Vulnerability Name:

CVE-2003-0007 (CCN-11133)

Assigned:

2003-01-22

Published:

2003-01-22

Updated:

2018-10-12

Summary:

Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2003-0007

Source: CCN
Type: CIAC Information Bulletin N-035
Microsoft V1 Exchange Server Security Certificates Vulnerability

Source: CCN
Type: Microsoft Security Bulletin MS03-003
Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure (812262)

Source: CCN
Type: Microsoft Security Bulletin MS04-009
Vulnerability in Microsoft Outlook Could Allow Code Execution (828040)

Source: CCN
Type: OSVDB ID: 11424
Microsoft Outlook V1 Exchange Server Security Certificate Cleartext Transmission

Source: BID
Type: UNKNOWN
6667

Source: CCN
Type: BID-6667
Microsoft Outlook 2002 V1 Exchange Server Security Certificate Information Leakage Vulnerability

Source: CCN
Type: BID-668
Microsoft MSN Setup BBS ActiveX Control Buffer Overflow Vulnerability

Source: MS
Type: UNKNOWN
MS03-003

Source: XF
Type: UNKNOWN
outlook-v1-certificate-plaintext(11133)

Source: XF
Type: UNKNOWN
outlook-v1-certificate-plaintext(11133)

Vulnerable Configuration:

Configuration 1:

cpe:/a:microsoft:outlook:2002:*:*:*:*:*:*:*

OR cpe:/a:microsoft:outlook:2002:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:outlook:2002:sp2:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:microsoft:outlook:2002:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK