CVE-2003-1378

Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.

Published: Dec 31, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-1378
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 8.8
AV:N/AC:M/Au:N/C:C/I:C/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
microsoft / outlook	2000-sr1	2000-sr1.x
microsoft / outlook	2000	2000.x
microsoft / outlook_express	6.0	6.0.x
microsoft / outlook	2000-sp2	2000-sp2.x

http://www.securityfocus.com/archive/1/312910
http://www.securityfocus.com/archive/1/312929
http://www.securityfocus.com/bid/6923
https://exchange.xforce.ibmcloud.com/vulnerabilities/11411

Vulnerability Database

289,599

CVE-2003-1378