CVE-2004-0121
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/04/2004
Last modified:
03/04/2025
Description
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:microsoft:office:xp:sp2:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:outlook:2002:sp2:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://marc.info/?l=bugtraq&m=107893704602842&w=2
- http://www.ciac.org/ciac/bulletins/o-096.shtml
- http://www.idefense.com/application/poi/display?id=79&type=vulnerabilities
- http://www.kb.cert.org/vuls/id/305206
- http://www.securityfocus.com/bid/9827
- http://www.us-cert.gov/cas/techalerts/TA04-070A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-009
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15414
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15429
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A843
- http://marc.info/?l=bugtraq&m=107893704602842&w=2
- http://www.ciac.org/ciac/bulletins/o-096.shtml
- http://www.idefense.com/application/poi/display?id=79&type=vulnerabilities
- http://www.kb.cert.org/vuls/id/305206
- http://www.securityfocus.com/bid/9827
- http://www.us-cert.gov/cas/techalerts/TA04-070A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-009
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15414
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15429
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A843