Vulnerability Description
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Office | xp |
| Microsoft | Outlook | 2002 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=107893704602842&w=2Third Party Advisory
- http://www.ciac.org/ciac/bulletins/o-096.shtmlBroken Link
- http://www.idefense.com/application/poi/display?id=79&type=vulnerabilitiesBroken LinkPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/305206MitigationThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/9827Broken LinkExploitPatch
- http://www.us-cert.gov/cas/techalerts/TA04-070A.htmlBroken LinkThird Party AdvisoryUS Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-00PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15414Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15429Third Party AdvisoryVDB Entry
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken Link
- http://marc.info/?l=bugtraq&m=107893704602842&w=2Third Party Advisory
- http://www.ciac.org/ciac/bulletins/o-096.shtmlBroken Link
- http://www.idefense.com/application/poi/display?id=79&type=vulnerabilitiesBroken LinkPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/305206MitigationThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/9827Broken LinkExploitPatch
FAQ
What is CVE-2004-0121?
CVE-2004-0121 is a vulnerability with a CVSS score of 7.5 (HIGH). Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers ...
How severe is CVE-2004-0121?
CVE-2004-0121 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0121?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Office, Microsoft Outlook.