CVE-2004-0502
Microsoft Outlook 2003 - Predictable File Location
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shell: URI.
Outlook 2003, cuando se responde a un mensaje de correo electrónico, almacena ciertos ficheros en una situación predecible para la fuente de una imagen (etiqueta HTML img) del mensaje original, lo que permite a atacantes remotos saltarse restricciones de zonas y explotar otros cosas que dependen de localizaciones impredecibles, como se ha demostrado usando una URI shell:
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2004-05-10 First Exploit
- 2004-05-27 CVE Reserved
- 2004-06-03 CVE Published
- 2024-08-08 CVE Updated
- 2024-11-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=bugtraq&m=108420583612655&w=2 | Mailing List | |
| http://marc.info/?l=bugtraq&m=108637351805607&w=2 | Mailing List | |
| http://marc.info/?l=ntbugtraq&m=108644231209698&w=2 | Mailing List | |
| http://secunia.com/advisories/11572 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16104 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/24101 | 2004-05-10 | |
| http://www.securityfocus.com/bid/10307 | 2024-08-08 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|