CVE-2002-1056 — Microsoft Outlook vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

16.4%

top 5.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Outlook Microsoft Word

Timeline

PublishedMay 16

Latest updateApr 30

Description

Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/word2000, 2002+1

▶NVDmicrosoft/outlook2000, 2002+1

🔴Vulnerability Details

GHSA

GHSA-hxxf-r7jv-rrcj: Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email m↗2022-04-30

▶

CVEList

CVE-2002-1056: Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email m↗2002-06-25

▶