CVE-2003-1378 : Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to In

Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.

Published 2003-12-31 05:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2003-1378

Microsoft » Outlook » Version: 2000
cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:*
Matching versions
Microsoft » Outlook » Version: 2000 Update SR1
cpe:2.3:a:microsoft:outlook:2000:sr1:*:*:*:*:*:*
Matching versions
Microsoft » Outlook » Version: 2000 Update SP2
cpe:2.3:a:microsoft:outlook:2000:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Outlook Express » Version: 6.0
cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2003-1378

EPSS FAQ

34.47%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 97 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2003-1378

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.8	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:N	8.6	9.2	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: None

CWE ids for CVE-2003-1378

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2003-1378

Jump to

Vulnerability Details : CVE-2003-1378

Products affected by CVE-2003-1378

Exploit prediction scoring system (EPSS) score for CVE-2003-1378

CVSS scores for CVE-2003-1378

CWE ids for CVE-2003-1378

References for CVE-2003-1378