7.5

CVE-2004-0121

Exploit
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftOffice Versionxp Updatesp2
MicrosoftOutlook Version2002 Updatesp2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 47.68% 0.987
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

http://marc.info/?l=bugtraq&m=107893704602842&w=2
Third Party Advisory
http://www.ciac.org/ciac/bulletins/o-096.shtml
Broken Link
http://www.idefense.com/application/poi/display?id=79&type=vulnerabilities
Patch
Vendor Advisory
Broken Link
http://www.kb.cert.org/vuls/id/305206
Third Party Advisory
US Government Resource
Mitigation
http://www.securityfocus.com/bid/9827
Patch
Third Party Advisory
Vendor Advisory
Exploit
Broken Link
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA04-070A.html
Third Party Advisory
US Government Resource
Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-009
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15414
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/15429
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A843
Broken Link