| Vulnerability Name: | CVE-2003-1378 (CCN-11411) | ||||||||
| Assigned: | 2003-02-23 | ||||||||
| Published: | 2003-02-23 | ||||||||
| Updated: | 2017-07-29 | ||||||||
| Summary: | Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 8.8 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:N)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Sun Feb 23 2003 - 12:32:26 CST O UT LO OK E XPRE SS 6 .00 : broken Source: MITRE Type: CNA CVE-2003-1378 Source: CCN Type: GreyMagic Security Advisory GM#001-IE Executing arbitrary commands without Active Scripting or ActiveX. Source: CCN Type: OSVDB ID: 60397 Microsoft Outlook HTML Email CODEBASE Parameter Arbitrary Program Execution Source: BUGTRAQ Type: Exploit 20030223 O UT LO OK E XPRE SS 6 .00 : broken Source: BUGTRAQ Type: UNKNOWN 20030224 Re: O UT LO OK E XPRE SS 6 .00 : broken Source: BID Type: Exploit 6923 Source: CCN Type: BID-6923 Microsoft Outlook and Outlook Express Arbitrary Program Execution Vulnerability Source: CCN Type: BID-9673 Microsoft Outlook Express Arbitrary Program Execution Vulnerability Source: XF Type: UNKNOWN outlook-codebase-execute-programs(11411) Source: XF Type: UNKNOWN outlook-codebase-execute-programs(11411) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||