CVE-2003-0007 — Sensitive Information Exposure in Microsoft Outlook

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

5.0%

top 10.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Outlook

Timeline

PublishedFeb 7

Latest updateApr 29

Description

Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/outlook2002

🔴Vulnerability Details

GHSA

GHSA-qxm8-rmh7-7qjh: Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook↗2022-04-29

▶

CVEList

CVE-2003-0007: Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook↗2004-09-01

▶