PT-2003-2323 · Microsoft · Outlook 2000+1

Published

2003-12-31

Updated

2017-07-29

CVE-2003-1378

CVSS v2.0

8.8

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions Microsoft Outlook Express version 6.0 Outlook 2000

Description The issue allows remote attackers to execute arbitrary programs via an HTML email. This is achieved by setting the CODEBASE parameter to the program in the email. The security zone must be set to Internet Zone for this to be possible.

Recommendations For Microsoft Outlook Express version 6.0, consider changing the security zone setting from Internet Zone to a more restrictive setting to minimize the risk of exploitation. For Outlook 2000, restrict the use of HTML emails until a fix is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2003-1378

Affected Products

Outlook Express

Outlook 2000

PT-2003-2323 · Microsoft · Outlook 2000+1

CVE-2003-1378

Weakness Enumeration

Related Identifiers

Affected Products

References · 6