CyberSec.Space Logo
Back to CVE Browser

CVE-2003-1378

HIGH
8.8
CVSS Severity Score
EPSS Score0.1850%
EPSS Percentile10.51th
PublishedDec 31, 2003
Last ModifiedApr 16, 2026

Vulnerability Description

Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.

Affected Platforms (CPE)

πŸ“¦
Microsoft

Outlook

= 2000
πŸ“¦
Microsoft

Outlook

= 2000
πŸ“¦
Microsoft

Outlook

= 2000
πŸ“¦
Microsoft

Outlook Express

= 6.0

References & Advisories

πŸ”— http://www.securityfocus.com/archive/1/312910
πŸ”— http://www.securityfocus.com/archive/1/312929
πŸ”— http://www.securityfocus.com/bid/6923
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/11411
πŸ”— http://www.securityfocus.com/archive/1/312910
πŸ”— http://www.securityfocus.com/archive/1/312929
πŸ”— http://www.securityfocus.com/bid/6923
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/11411

Related Vulnerabilities

CVE-2004-038010.0

The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass do...

CVE-2001-053810.0

Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands...

CVE-1999-096710.0

Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource p...

CVE-2012-139110.0

Unspecified vulnerability in the mOffice - Outlook sync (com.innov8tion.isharesync) application 3.1 for Android has unknown impact...