Vulnerability Name: CVE-2004-0380 (CCN-15705)

Assigned: 2004-04-13
Published: 2004-04-13
Updated: 2018-10-12
Summary: The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: CCN
Type: BugTraq Mailing List, Wed Feb 18 2004 - 19:02:45 CST
Microsoft Internet Explorer Unspecified CHM File Processing Arbitrary Code Execution Vulnerability (bid 9658)

Source: CCN
Type: BugTraq Mailing List, Sun Mar 28 2004 - 01:03:07 CST
IE ms-its: and mk:@MSITStore: vulnerability

Source: MITRE
Type: CNA
CVE-2004-0380

Source: CCN
Type: SA10523
Internet Explorer showHelp() Restriction Bypass Vulnerability

Source: SECUNIA
Type: UNKNOWN
10523

Source: CCN
Type: CIAC Information Bulletin O-116
Microsoft Cumulative Security Update for Outlook Express

Source: MISC
Type: UNKNOWN
http://www.k-otik.net/bugtraq/02.18.InternetExplorer.php

Source: CCN
Type: US-CERT VU#323070
Outlook Express MHTML protocol handler does not properly validate source of alternate content

Source: CERT-VN
Type: US Government Resource
VU#323070

Source: CCN
Type: Microsoft Security Bulletin MS04-013
Cumulative Security Update for Outlook Express (837009)

Source: CCN
Type: Microsoft Security Bulletin MS04-018
Cumulative Security Update for Outlook Express (823353)

Source: CCN
Type: Microsoft Security Bulletin MS06-016
Cumulative Security Update for Outlook Express (911567)

Source: CCN
Type: Microsoft Security Bulletin MS06-076
Cumulative Security Update for Outlook Express (923694)

Source: CCN
Type: Microsoft Security Bulletin MS07-034
Cumulative Security Update for Outlook Express and Windows Mail (929123)

Source: CCN
Type: Microsoft Security Bulletin MS07-056
Security Update for Outlook Express and Windows Mail (941202)

Source: CCN
Type: Microsoft Security Bulletin MS08-048
Security Update for Outlook Express and Windows Mail (951066)

Source: CCN
Type: Microsoft Security Bulletin MS10-030
Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542)

Source: BUGTRAQ
Type: Patch, Vendor Advisory
20040219 Microsoft Internet Explorer Unspecified CHM File Processing Arbitrary Code Execution Vulnerability (bid 9658)

Source: BUGTRAQ
Type: Exploit, Patch, Vendor Advisory
20040328 IE ms-its: and mk:@MSITStore: vulnerability

Source: BID
Type: UNKNOWN
9105

Source: CCN
Type: BID-9105
Microsoft Outlook Express MHTML Forced File Execution Vulnerability

Source: BID
Type: UNKNOWN
9658

Source: CCN
Type: BID-9658
Microsoft Internet Explorer ITS Protocol Zone Bypass Vulnerability

Source: CCN
Type: US-CERT Technical Cyber Security Alert TA04-099A
Vulnerability in Internet Explorer ITS Protocol Handler

Source: CERT
Type: US Government Resource
TA04-104A

Source: CCN
Type: Internet Security Systems Security Alert, April 13, 2004
Multiple Vulnerabilities in Microsoft Products

Source: MS
Type: UNKNOWN
MS04-013

Source: XF
Type: UNKNOWN
outlook-mhtml-execute-code(15705)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1010

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1028

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:882

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:990

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:microsoft:outlook_express:5.5:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:microsoft:outlook_express:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:outlook_express:6.0:sp1:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:990 | V | Microsoft Outlook Express v6.0 MHTML URL Processing Vulnerability | 2015-08-10
oval:org.mitre.oval:def:1028 | V | Microsoft Outlook Express v6.0 for Server 2003 MHTML URL Processing Vulnerability | 2005-10-19
oval:org.mitre.oval:def:882 | V | Microsoft Outlook Express v5.5,SP2 MHTML URL Processing Vulnerability | 2004-05-25
oval:org.mitre.oval:def:1010 | V | Microsoft Outlook Express v6.0,SP1 MHTML URL Processing Vulnerability | 2004-05-25
    microsoft outlook express 5.5
    microsoft outlook express 6.0
    microsoft outlook express 5.0
    microsoft outlook express 6.0
    microsoft windows 2003 server *
    microsoft outlook express 6.0 sp1