MHTML Protocol Handler Issue in Microsoft Outlook Express by Microsoft
CVE-2004-0380

Currently unrated

Key Information:

Vendor: Microsoft
Status: Outlook Express
Vendor: CVE Published:; 4 May 2004

Summary

The MHTML protocol handler vulnerability in Microsoft Outlook Express versions 5.5 SP2 and 6 SP1 allows remote attackers to exploit domain restrictions, leading to the execution of arbitrary code. This is particularly evident when script code in compiled help (.CHM) files utilizes the InfoTech Storage (ITS) protocol handlers like ms-its, ms-itss, and mk:@MSITStore. Such an exploit can compromise user systems without their consent, making it a serious security risk for users of the affected software.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.securityfocus.com/bid/9105

vdb-entryx_refsource_BID

http://www.kb.cert.org/vuls/id/323070

third-party-advisoryx_refsource_CERT-VN

EPSS Score

79% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 4, 2004
Vulnerability Reserved
Apr 5, 2004