Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-1378

CWE-2644 documents4 sources
Severity
8.8HIGH
EPSS
26.8%
top 3.65%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft OutlookMicrosoft Outlook Express
Timeline
PublishedDec 31
Latest updateApr 29

Description

Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.

CVSS vector

AV:N/AC:M/C:C/I:C/A:NExploitability: 8.6 | Impact: 9.2

Affected Packages2 packages

ā–¶NVDmicrosoft/outlook2000

šŸ”“Vulnerability Details

2
GHSA
GHSA-rx6q-7jmv-mc9j: Microsoft Outlook Express 6ā†—2022-04-29
ā–¶
CVEList
CVE-2003-1378: Microsoft Outlook Express 6ā†—2007-10-19
ā–¶

šŸ’„Exploits & PoCs

1
Exploit-DB
Microsoft Outlook2000/Express 6.0 - Arbitrary Program Executionā†—2003-02-24
ā–¶
CVE-2003-1378 (HIGH CVSS 8.8) | Microsoft Outlook Express 6.0 and O | cvebase.io