CVE-2004-0121 – Microsoft Outlook 2002 - 'Mailto' Quoting Zone Bypass
https://notcve.org/view.php?id=CVE-2004-0121
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs. • https://www.exploit-db.com/exploits/23796 http://marc.info/?l=bugtraq&m=107893704602842&w=2 http://www.ciac.org/ciac/bulletins/o-096.shtml http://www.idefense.com/application/poi/display?id=79&type=vulnerabilities http://www.kb.cert.org/vuls/id/305206 http://www.securityfocus.com/bid/9827 http://www.us-cert.gov/cas/techalerts/TA04-070A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-009 https://exchange.xforce.ibmcloud.com/vulnerabiliti • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2004-0284
https://notcve.org/view.php?id=CVE-2004-0284
Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name. • http://marc.info/?l=bugtraq&m=107643134712133&w=2 http://www.securityfocus.com/bid/9629 https://exchange.xforce.ibmcloud.com/vulnerabilities/15127
CVE-2003-0007
https://notcve.org/view.php?id=CVE-2003-0007
Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure." • http://www.securityfocus.com/bid/6667 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-003 https://exchange.xforce.ibmcloud.com/vulnerabilities/11133
CVE-2002-2100
https://notcve.org/view.php?id=CVE-2002-2100
Microsoft Outlook 2002 allows remote attackers to bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content. • http://archives.neohapsis.com/archives/bugtraq/2002-03/0267.html http://www.iss.net/security_center/static/8611.php http://www.securityfocus.com/bid/4334
CVE-2002-2101
https://notcve.org/view.php?id=CVE-2002-2101
Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag. • http://archives.neohapsis.com/archives/bugtraq/2002-03/0267.html http://www.iss.net/security_center/static/8613.php http://www.securityfocus.com/bid/4337