Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0380

6 documents4 sources

Severity

10.0CRITICAL

EPSS

74.4%

top 1.15%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Outlook Express

Timeline

PublishedMay 4

Latest updateApr 29

Description

The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/outlook_express5.5, 6.0+1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-wv58-cxvm-2w2g: The MHTML protocol handler in Microsoft Outlook Express 5↗2022-04-29

▶

CVEList

CVE-2004-0380: The MHTML protocol handler in Microsoft Outlook Express 5↗2004-04-06

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer 5.0.1 - ITS Protocol Zone Bypass (MS04-013)↗2004-02-13

▶

Exploit-DB

Microsoft Outlook Express 6.0 - MHTML Forced File Execution (2)↗2003-11-25

▶

Exploit-DB

Microsoft Outlook Express 6.0 - '.MHTML' Forced File Execution (1)↗2003-11-25

▶