Access Bypass in Microsoft Outlook Express 6.0 by Microsoft
CVE-2004-2694

Currently unrated

Key Information:

Vendor: Microsoft
Status: Outlook Express
Vendor: CVE Published:; 31 December 2004

Summary

Microsoft Outlook Express 6.0 contains a vulnerability that allows remote attackers to circumvent established access controls. By manipulating the 'BASE HREF' attribute with a target set to '_top', an attacker can load unauthorized content into the Outlook interface, which can aid in executing phishing schemes. This alteration compromises user security and exposes sensitive information, making it crucial for users to be aware of such threats.

References

http://marc.info/?l=bugtraq&m=108448627120764&w=2

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/11607

third-party-advisoryx_refsource_SECUNIA

http://www.osvdb.org/6121

vdb-entryx_refsource_OSVDB

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 6, 2007
Vulnerability published
Dec 31, 2004