CyberSec.Space Logo
Back to CVE Browser

CVE-2004-0380

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1040%
EPSS Percentile18.25th
PublishedMay 4, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Microsoft

Outlook Express

= 5.5
πŸ“¦
Microsoft

Outlook Express

= 6.0

References & Advisories

πŸ”— http://secunia.com/advisories/10523
πŸ”— http://www.k-otik.net/bugtraq/02.18.InternetExplorer.php
πŸ”— http://www.kb.cert.org/vuls/id/323070
πŸ”— http://www.securityfocus.com/archive/1/354447
πŸ”— http://www.securityfocus.com/archive/1/358913
πŸ”— http://www.securityfocus.com/bid/9105
πŸ”— http://www.securityfocus.com/bid/9658
πŸ”— http://www.us-cert.gov/cas/techalerts/TA04-104A.html

Related Vulnerabilities

CVE-1999-096710.0

Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource p...

CVE-2010-08169.3

Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, ...

CVE-2007-38979.3

Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Tran...

CVE-2007-40408.8

Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote ...