CVE-2003-1378
Microsoft Outlook2000/Express 6.0 - Arbitrary Program Execution
Severity Score
8.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2003-02-24 First Exploit
- 2003-12-31 CVE Published
- 2007-10-18 CVE Reserved
- 2024-08-08 CVE Updated
- 2024-11-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/312929 | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/11411 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/22280 | 2003-02-24 | |
| http://www.securityfocus.com/archive/1/312910 | 2024-08-08 | |
| http://www.securityfocus.com/bid/6923 | 2024-08-08 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Outlook Search vendor "Microsoft" for product "Outlook" | 2000 Search vendor "Microsoft" for product "Outlook" and version "2000" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Outlook Search vendor "Microsoft" for product "Outlook" | 2000 Search vendor "Microsoft" for product "Outlook" and version "2000" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Outlook Search vendor "Microsoft" for product "Outlook" | 2000 Search vendor "Microsoft" for product "Outlook" and version "2000" | sr1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Outlook Express Search vendor "Microsoft" for product "Outlook Express" | 6.0 Search vendor "Microsoft" for product "Outlook Express" and version "6.0" | - |
Affected
| ||||||