Vulnerability Description
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Outlook | 2000 |
| Microsoft | Outlook Express | 6.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/archive/1/312910Exploit
- http://www.securityfocus.com/archive/1/312929
- http://www.securityfocus.com/bid/6923Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11411
- http://www.securityfocus.com/archive/1/312910Exploit
- http://www.securityfocus.com/archive/1/312929
- http://www.securityfocus.com/bid/6923Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11411
FAQ
What is CVE-2003-1378?
CVE-2003-1378 is a vulnerability with a CVSS score of 8.8 (HIGH). Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to ...
How severe is CVE-2003-1378?
CVE-2003-1378 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1378?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Outlook, Microsoft Outlook Express.