Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0538 — Microsoft Outlook vulnerability

5 documents4 sources

Severity

10.0CRITICALNVD

EPSS

63.1%

top 1.60%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Outlook

Timeline

PublishedAug 14

Latest updateApr 30

Description

Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/outlook2002

🔴Vulnerability Details

GHSA

GHSA-xxqr-h45r-xgm7: Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTM↗2022-04-30

▶

CVEList

CVE-2001-0538: Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTM↗2002-03-09

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Outlook 98/2000/2002 - Unauthorized Email Access↗2001-07-12

▶

Exploit-DB

Microsoft Outlook 98/2000/2002 - Arbitrary Code Execution↗2001-07-12

▶