Vulnerability Description
Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Outlook Express | 6.0 |
References
- http://secunia.com/advisories/12376PatchVendor Advisory
- http://securitytracker.com/id?1011067Patch
- http://support.microsoft.com/kb/843555PatchVendor Advisory
- http://www.networksecurity.fi/advisories/outlook-bcc.htmlPatchVendor Advisory
- http://www.osvdb.org/9167
- http://www.securityfocus.com/bid/11040
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17098
- http://secunia.com/advisories/12376PatchVendor Advisory
- http://securitytracker.com/id?1011067Patch
- http://support.microsoft.com/kb/843555PatchVendor Advisory
- http://www.networksecurity.fi/advisories/outlook-bcc.htmlPatchVendor Advisory
- http://www.osvdb.org/9167
- http://www.securityfocus.com/bid/11040
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17098
FAQ
What is CVE-2004-2137?
CVE-2004-2137 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC field...
How severe is CVE-2004-2137?
CVE-2004-2137 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2137?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Outlook Express.