Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0501Microsoft Outlook vulnerability

4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
50.7%
top 2.14%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Outlook
Timeline
PublishedAug 18
Latest updateApr 29

Description

Outlook 2003 allows remote attackers to bypass intended access restrictions and cause Outlook to request a URL from a remote site via an HTML e-mail message containing a Vector Markup Language (VML) entity whose src parameter points to the remote site, which could allow remote attackers to know when a message has been read, verify valid e-mail addresses, and possibly leak other information.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-v9wr-f9jq-3935: Outlook 2003 allows remote attackers to bypass intended access restrictions and cause Outlook to request a URL from a remote site via an HTML e-mail m2022-04-29
CVEList
CVE-2004-0501: Outlook 2003 allows remote attackers to bypass intended access restrictions and cause Outlook to request a URL from a remote site via an HTML e-mail m2004-06-03

💥Exploits & PoCs

1
Exploit-DB
Microsoft Outlook 2003 - Mail Client E-mail Address Verification2004-05-11
CVE-2004-0501 — Microsoft Outlook vulnerability | cvebase