// For flags

CVE-2004-0380

Microsoft Internet Explorer 5.0.1 - ITS Protocol Zone Bypass (MS04-013)

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

4
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."

El Manejador del protocolo MHTML en Microsoft Outlook Express 5.5 SP2 a Outlook Express 6 SP1 permite a atacantes remotos eludir restricciones de dominio y ejecutar código arbitrario, como se ha demostrado en Internet Explorer usando código script en un archivo de ayuda compilada (CHM) te hace referencia a manejadores de protocolo InfoTech Storage (ITS) como

ms-its
its
mk:@MSITStore

también llamada "Vulnerabilidad en Procesamiento de URL MHTML".

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2003-11-25 First Exploit
  • 2004-04-05 CVE Reserved
  • 2004-04-06 CVE Published
  • 2024-08-08 CVE Updated
  • 2024-09-15 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
Outlook Express
Search vendor "Microsoft" for product "Outlook Express"
5.5
Search vendor "Microsoft" for product "Outlook Express" and version "5.5"
-
Affected
Microsoft
Search vendor "Microsoft"
Outlook Express
Search vendor "Microsoft" for product "Outlook Express"
6.0
Search vendor "Microsoft" for product "Outlook Express" and version "6.0"
-
Affected