Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0502Microsoft Outlook vulnerability

4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
56.8%
top 1.87%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Outlook
Timeline
PublishedAug 18
Latest updateApr 29

Description

Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shell: URI.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-hh26-f6cr-2h76: Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message,2022-04-29
CVEList
CVE-2004-0502: Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message,2004-06-03

💥Exploits & PoCs

1
Exploit-DB
Microsoft Outlook 2003 - Predictable File Location2004-05-10
CVE-2004-0502 — Microsoft Outlook vulnerability | cvebase