CVE-2004-0121 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2004-0121
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2004-0121

Description: Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.

CVE Status: Entry

References: XF http://xforce.iss.net/xforce/xfdb/15414 http://xforce.iss.net/xforce/xfdb/15429 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:843 MS http://www.microsoft.com/technet/security/bulletin/ms04-009.asp IDEFENSE http://www.idefense.com/application/poi/display?id=79&type=vulnerabilities CIAC http://www.ciac.org/ciac/bulletins/o-096.shtml CERT-VN 305206 CERT http://www.us-cert.gov/cas/techalerts/TA04-070A.html BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=107893704602842&w=2 BID 9827

Return to the previous page.