PT-2004-3584 · Microsoft · Outlook Express

Published

2004-12-31

Updated

2016-10-18

CVE-2004-2694

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Microsoft Outlook Express version 6.0

Description The issue allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to " top".

Recommendations For Microsoft Outlook Express version 6.0, consider disabling the use of "BASE HREF" tags with the target set to " top" to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2004-2694

Affected Products

Outlook Express

PT-2004-3584 · Microsoft · Outlook Express

CVE-2004-2694

Weakness Enumeration

Related Identifiers

Affected Products

References · 4