CVE-2004-2482

Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.

Published: Dec 31, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-2482
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / outlook	2000	2000.x
microsoft / outlook	2003	2003.x

http://secunia.com/advisories/12041
http://www.osvdb.org/7769
http://www.securityfocus.com/archive/1/368492
http://www.securityfocus.com/bid/10683
https://exchange.xforce.ibmcloud.com/vulnerabilities/16663

Vulnerability Database

289,784

CVE-2004-2482