CyberSec.Space Logo
返回 CVE 浏览器

CVE-2003-1378

HIGH
8.8
CVSS Severity Score
EPSS Score0.1850%
EPSS Percentile10.51th
Published2003年12月31日
Last Modified2026年4月16日

Vulnerability Description

Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.

Affected Platforms (CPE)

📦
Microsoft

Outlook

= 2000
📦
Microsoft

Outlook

= 2000
📦
Microsoft

Outlook

= 2000
📦
Microsoft

Outlook Express

= 6.0

References & Advisories

🔗 http://www.securityfocus.com/archive/1/312910
🔗 http://www.securityfocus.com/archive/1/312929
🔗 http://www.securityfocus.com/bid/6923
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/11411
🔗 http://www.securityfocus.com/archive/1/312910
🔗 http://www.securityfocus.com/archive/1/312929
🔗 http://www.securityfocus.com/bid/6923
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/11411

相关漏洞威胁

CVE-2004-038010.0

The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass do...

CVE-2001-053810.0

Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands...

CVE-1999-096710.0

Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource p...

CVE-2012-139110.0

Unspecified vulnerability in the mOffice - Outlook sync (com.innov8tion.isharesync) application 3.1 for Android has unknown impact...