CVE-2004-0501

Outlook 2003 allows remote attackers to bypass intended access restrictions and cause Outlook to request a URL from a remote site via an HTML e-mail message containing a Vector Markup Language (VML) entity whose src parameter points to the remote site, which could allow remote attackers to know when a message has been read, verify valid e-mail addresses, and possibly leak other information.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=bugtraq&m=108430168919965&w=2
http://marc.info/?l=bugtraq&m=108637351805607&w=2
http://marc.info/?l=ntbugtraq&m=108644231209698&w=2
http://www.securityfocus.com/bid/10323	Exploit Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16116

Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*

History

No history.

Information

Published : 2004-08-18 04:00

Updated : 2024-02-28 10:24

NVD link : CVE-2004-0501

Mitre link : CVE-2004-0501

CVE.ORG link : CVE-2004-0501

JSON object : View

Products Affected

microsoft

outlook

CWE

NVD-CWE-Other

{"id": "CVE-2004-0501", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-08-18T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=108430168919965&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=108637351805607&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=ntbugtraq&m=108644231209698&w=2", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/10323", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16116", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Outlook 2003 allows remote attackers to bypass intended access restrictions and cause Outlook to request a URL from a remote site via an HTML e-mail message containing a Vector Markup Language (VML) entity whose src parameter points to the remote site, which could allow remote attackers to know when a message has been read, verify valid e-mail addresses, and possibly leak other information."}, {"lang": "es", "value": "Outlook 2003 permite a atacantes remotos saltarse las restricciones de acceso pretendidas y hacer que Outlokk pida una URL de un sitio remoto mediante un mensaje de correo electr\u00f3nico HTML conteniendo una entidad VML (Vector Markup Language) cuyo par\u00e1metro src apunta al sitio remoto, lo que podr\u00eda permitir a atacantes remotos saber cuando un mensaje ha sido le\u00eddo, verificar direcciones de correo electr\u00f3nico v\u00e1lidas, y posiblemente filtrar otra informaci\u00f3n."}], "lastModified": "2017-07-11T01:30:12.900", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3189982-F780-4AC2-9663-E6D4DF9DD319"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}