CVE-2004-0502

Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shell: URI.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=bugtraq&m=108420583612655&w=2
http://marc.info/?l=bugtraq&m=108637351805607&w=2
http://marc.info/?l=ntbugtraq&m=108644231209698&w=2
http://secunia.com/advisories/11572
http://www.securityfocus.com/bid/10307	Exploit Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16104

Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*

History

No history.

Information

Published : 2004-08-18 04:00

Updated : 2024-02-04 16:31

NVD link : CVE-2004-0502

Mitre link : CVE-2004-0502

CVE.ORG link : CVE-2004-0502

JSON object : View

Products Affected

microsoft

outlook

CWE

NVD-CWE-Other

{"id": "CVE-2004-0502", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-08-18T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=108420583612655&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=108637351805607&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=ntbugtraq&m=108644231209698&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/11572", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/10307", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16104", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the \"src\" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shell: URI."}, {"lang": "es", "value": "Outlook 2003, cuando se responde a un mensaje de correo electr\u00f3nico, almacena ciertos ficheros en una situaci\u00f3n predecible para la fuente de una imagen (etiqueta HTML img) del mensaje original, lo que permite a atacantes remotos saltarse restricciones de zonas y explotar otros cosas que dependen de localizaciones impredecibles, como se ha demostrado usando una URI shell:"}], "lastModified": "2017-07-11T01:30:12.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3189982-F780-4AC2-9663-E6D4DF9DD319"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}