Remote Code Execution Vulnerability in Microsoft Outlook Express and Outlook 2000
CVE-2003-1378

Currently unrated

Key Information:

Vendor: Microsoft
Status: Outlook; Outlook Express
Vendor: CVE Published:; 31 December 2003

Summary

Microsoft Outlook Express 6.0 and Outlook 2000 are susceptible to a vulnerability that permits remote attackers to execute arbitrary programs. This can be achieved through the use of a crafted HTML email containing a CODEBASE parameter pointing to the program. If an affected user opens such an email while their security zone is set to the Internet Zone, the attacker can take control of the system, compromising both its integrity and confidentiality. This vulnerability is akin to similar issues identified in other products, raising significant security concerns for users relying on these email clients.

References

http://www.securityfocus.com/archive/1/312910

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/11411

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/6923

vdb-entryx_refsource_BID

EPSS Score

34% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 18, 2007
Vulnerability published
Dec 31, 2003