Back to search
CVE-2004-0121
Published: Sep 1, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
TA04-070A
third-party-advisory
x_refsource_CERT
MS04-009
vendor-advisory
x_refsource_MS
VU#305206
third-party-advisory
x_refsource_CERT-VN
outlook-mailtourl-execute-code(15414)
vdb-entry
x_refsource_XF
outlook-ms04009-patch(15429)
vdb-entry
x_refsource_XF
oval:org.mitre.oval:def:843
vdb-entry
signature
x_refsource_OVAL
O-096
third-party-advisory
government-resource
x_refsource_CIAC
9827
vdb-entry
x_refsource_BID
20040309 Microsoft Outlook "mailto:" Parameter Passing Vulnerability
third-party-advisory
x_refsource_IDEFENSE
20040310 Outlook mailto: URL argument injection vulnerability
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now