Vulnerability Description
An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.LaunchURL() Javascript function.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Outlook | 2002 |
References
- http://online.securityfocus.com/archive/1/263429Vendor Advisory
- http://www.iss.net/security_center/static/8604.phpVendor Advisory
- http://www.securityfocus.com/bid/4340PatchVendor Advisory
- http://online.securityfocus.com/archive/1/263429Vendor Advisory
- http://www.iss.net/security_center/static/8604.phpVendor Advisory
- http://www.securityfocus.com/bid/4340PatchVendor Advisory
FAQ
What is CVE-2002-0481?
CVE-2002-0481 is a vulnerability with a CVSS score of 5.1 (MEDIUM). An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that refere...
How severe is CVE-2002-0481?
CVE-2002-0481 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0481?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Outlook.