Vulnerability Description
Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Outlook | 2000 |
| Microsoft | Word | 2000 |
References
- http://marc.info/?l=bugtraq&m=101760380418890&w=2
- http://online.securityfocus.com/archive/1/265621
- http://www.iss.net/security_center/static/8708.php
- http://www.securityfocus.com/bid/4397
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-02
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://marc.info/?l=bugtraq&m=101760380418890&w=2
- http://online.securityfocus.com/archive/1/265621
- http://www.iss.net/security_center/static/8708.php
- http://www.securityfocus.com/bid/4397
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-02
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2002-1056?
CVE-2002-1056 is a vulnerability with a CVSS score of 7.5 (HIGH). Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which c...
How severe is CVE-2002-1056?
CVE-2002-1056 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1056?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Outlook, Microsoft Word.