Vulnerability Database

310,450

Total vulnerabilities in the database

CVE-2003-1378

Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.

Published: Dec 31, 2003
Updated: Nov 9, 2025
CVE: CVE-2003-1378
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 8.8
AV:N/AC:M/Au:N/C:C/I:C/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
microsoft / outlook	2000-sr1	2000-sr1.x
microsoft / outlook	2000	2000.x
microsoft / outlook_express	6.0	6.0.x
microsoft / outlook	2000-sp2	2000-sp2.x

http://www.securityfocus.com/archive/1/312910
http://www.securityfocus.com/archive/1/312929
http://www.securityfocus.com/bid/6923
https://exchange.xforce.ibmcloud.com/vulnerabilities/11411

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo