Information Disclosure in Outlook Express 6.0 by Microsoft
CVE-2004-2137

Currently unrated

Key Information:

Vendor: Microsoft
Status: Outlook Express
Vendor: CVE Published:; 31 December 2004

What is CVE-2004-2137?

A vulnerability in Microsoft Outlook Express 6.0 allows the disclosure of blind carbon copy (BCC) recipients when sending multipart email messages. With the 'Break apart messages larger than' setting enabled, recipients listed in the To and CC fields may see the BCC recipients, potentially exposing sensitive information to unauthorized users. This flaw poses a risk when confidential communication is handled via email, as it undermines privacy and could result in data leakage.

References

http://www.securityfocus.com/bid/11040

vdb-entryx_refsource_BID

http://www.networksecurity.fi/advisories/outlook-bcc.html

x_refsource_MISC

http://securitytracker.com/id?1011067

vdb-entryx_refsource_SECTRACK

EPSS Score

39% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Jun 14, 2005
Vulnerability published
Dec 31, 2004