Back to search
CVE-2004-0380
Published: Apr 6, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
oval:org.mitre.oval:def:990
vdb-entry
signature
x_refsource_OVAL
9105
vdb-entry
x_refsource_BID
VU#323070
third-party-advisory
x_refsource_CERT-VN
oval:org.mitre.oval:def:1010
vdb-entry
signature
x_refsource_OVAL
outlook-mhtml-execute-code(15705)
vdb-entry
x_refsource_XF
MS04-013
vendor-advisory
x_refsource_MS
9658
vdb-entry
x_refsource_BID
TA04-104A
third-party-advisory
x_refsource_CERT
oval:org.mitre.oval:def:882
vdb-entry
signature
x_refsource_OVAL
http://www.k-otik.net/bugtraq/02.18.InternetExplorer.php
x_refsource_MISC
20040328 IE ms-its: and mk:@MSITStore: vulnerability
mailing-list
x_refsource_BUGTRAQ
20040219 Microsoft Internet Explorer Unspecified CHM File Processing Arbitrary Code Execution Vulnerability (bid 9658)
mailing-list
x_refsource_BUGTRAQ
oval:org.mitre.oval:def:1028
vdb-entry
signature
x_refsource_OVAL
10523
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now