Vulnerability Details : CVE-2004-0121
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
Products affected by CVE-2004-0121
- cpe:2.3:a:microsoft:outlook:2002:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:xp:sp2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-0121
73.29%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-0121
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2004-0121
-
The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.Assigned by: nvd@nist.gov (Primary)
References for CVE-2004-0121
-
http://www.us-cert.gov/cas/techalerts/TA04-070A.html
Page Not Found | CISABroken Link;Third Party Advisory;US Government Resource
-
http://www.securityfocus.com/bid/9827
Broken Link;Exploit;Patch;Third Party Advisory;VDB Entry;Vendor Advisory
-
http://www.ciac.org/ciac/bulletins/o-096.shtml
Broken Link
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/15414
Microsoft Outlook 2002 mailto URL allows execution of code CVE-2004-0121 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://www.kb.cert.org/vuls/id/305206
VU#305206 - Microsoft Outlook fails to properly filter parameters passed via "mailto:" URLMitigation;Third Party Advisory;US Government Resource
-
http://www.idefense.com/application/poi/display?id=79&type=vulnerabilities
Broken Link;Patch;Vendor Advisory
-
http://marc.info/?l=bugtraq&m=107893704602842&w=2
'Outlook mailto: URL argument injection vulnerability' - MARCThird Party Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/15429
Microsoft Outlook MS04-009 patch is not installed CVE-2004-0121 Vulnerability ReportThird Party Advisory;VDB Entry
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A843
404 Not FoundBroken Link
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-009
Microsoft Security Bulletin MS04-009 - Critical | Microsoft LearnPatch;Vendor Advisory
Jump to