Vulnerability Description
Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shell: URI.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Outlook | 2003 |
References
- http://marc.info/?l=bugtraq&m=108420583612655&w=2
- http://marc.info/?l=bugtraq&m=108637351805607&w=2
- http://marc.info/?l=ntbugtraq&m=108644231209698&w=2
- http://secunia.com/advisories/11572
- http://www.securityfocus.com/bid/10307ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16104
- http://marc.info/?l=bugtraq&m=108420583612655&w=2
- http://marc.info/?l=bugtraq&m=108637351805607&w=2
- http://marc.info/?l=ntbugtraq&m=108644231209698&w=2
- http://secunia.com/advisories/11572
- http://www.securityfocus.com/bid/10307ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16104
FAQ
What is CVE-2004-0502?
CVE-2004-0502 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restr...
How severe is CVE-2004-0502?
CVE-2004-0502 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0502?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Outlook.