| Vulnerability Name: | CVE-2004-2482 (CCN-16663) | ||||||||
| Assigned: | 2004-07-12 | ||||||||
| Published: | 2004-07-12 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2004-2482 Source: CCN Type: SA12041 Microsoft Outlook / Word Object Tag Vulnerability Source: SECUNIA Type: UNKNOWN 12041 Source: OSVDB Type: UNKNOWN 7769 Source: CCN Type: OSVDB ID: 7769 Microsoft Outlook With Word Editor Object Tag Code Execution Source: BUGTRAQ Type: Vendor Advisory 20040708 Microsoft Word Email Object Data Vulnerability Source: BID Type: UNKNOWN 10683 Source: CCN Type: BID-10683 Microsoft Word/Outlook Object Tag Security Setting Compromise Vulnerability Source: XF Type: UNKNOWN microsoft-object-gain-access(16663) Source: XF Type: UNKNOWN microsoft-object-gain-access(16663) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||