CVE-2003-1378

Name of the Vulnerable Software and Affected Versions Microsoft Outlook Express version 6.0 Outlook 2000

Description The issue allows remote attackers to execute arbitrary programs via an HTML email. This is achieved by setting the CODEBASE parameter to the program in the email. The security zone must be set to Internet Zone for this to be possible.

Recommendations For Microsoft Outlook Express version 6.0, consider changing the security zone setting from Internet Zone to a more restrictive setting to minimize the risk of exploitation. For Outlook 2000, restrict the use of HTML emails until a fix is available.