CVE-2002-1056
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/05/2002
Last modified:
03/04/2025
Description
Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:outlook:2002:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:word:2000:sr1:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:word:2000:sr1a:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://marc.info/?l=bugtraq&m=101760380418890&w=2
- http://online.securityfocus.com/archive/1/265621
- http://www.iss.net/security_center/static/8708.php
- http://www.securityfocus.com/bid/4397
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-021
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A205
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A429
- http://marc.info/?l=bugtraq&m=101760380418890&w=2
- http://online.securityfocus.com/archive/1/265621
- http://www.iss.net/security_center/static/8708.php
- http://www.securityfocus.com/bid/4397
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-021
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A205
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A429