CVE-2004-0121
Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
CVE Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string. |
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P | nvd@nist.gov |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 23796
Publication date : 2004-03-08 23h00 +00:00
Author : shaun2k2
EDB Verified : Yes
source: https://www.securityfocus.com/bid/9827/info
Microsoft Outlook is prone to a vulnerability that may permit execution of arbitrary code on client systems. This issue is exposed through Outlook, but will reportedly cause Internet Explorer to load malicious content in the Local Zone.
This is related to how mailto URIs are handled by the software and may be exploited from a malicious web page or through HTML e-mail. This issue will permit a remote attacker to influence how Outlook invoked via mailto URIs, allowing for execution of malicious scripting in the Local Zone through an attacker-specified Outlook profile parameter.
** It was initially reported that exploitation of this issue will depend on the Outlook Today page being the default folder homepage. Additional details have been made available to indicate that in situations where this is not the default page, it is possible to use two mailto URIs to exploit the issue. The first URI would display the Outlook Today view and the second would include an embedded JavaScript URI.
<!-- Outlook mailto: URL argument injection
proof-of-concept exploit,
by shaun2k2. The exploit can be easily modified
to execute more
malicious things.
-->
<html>
<body>
<!-- This is the exploit string. -->
<img src="mailto:aa" /select
javascript:alert('vulnerable')">
</body>
</html>
Products Mentioned
Configuraton 0
Microsoft>>Office >> Version xp
- Microsoft>>Office >> Version xp (Open CPE detail)
Microsoft>>Outlook >> Version 2002
- Microsoft>>Outlook >> Version 2002 (Open CPE detail)
References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-009
Tags : vendor-advisory, x_refsource_MS
Tags : vendor-advisory, x_refsource_MS
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A843
Tags : vdb-entry, signature, x_refsource_OVAL
Tags : vdb-entry, signature, x_refsource_OVAL
http://www.ciac.org/ciac/bulletins/o-096.shtml
Tags : third-party-advisory, government-resource, x_refsource_CIAC
Tags : third-party-advisory, government-resource, x_refsource_CIAC
http://www.idefense.com/application/poi/display?id=79&type=vulnerabilities
Tags : third-party-advisory, x_refsource_IDEFENSE
Tags : third-party-advisory, x_refsource_IDEFENSE
