CVE-2004-2137

Currently unrated

Key Information:

Vendor: Microsoft
Status: Outlook Express
Vendor: CVE Published:; 31 December 2004

Summary

Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information.

References

http://www.securityfocus.com/bid/11040

vdb-entryx_refsource_BID

http://www.networksecurity.fi/advisories/outlook-bcc.html

x_refsource_MISC

http://securitytracker.com/id?1011067

vdb-entryx_refsource_SECTRACK

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Jun 14, 2005
Vulnerability published
Dec 31, 2004

Collectors

NVD DatabaseMitre Database