Vulnerability Details : CVE-2004-2137

Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information.

Published 2004-12-31 05:00:00

Updated 2017-07-11 01:31:40

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2004-2137

Probability of exploitation activity in the next 30 days: 4.12%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 91 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2004-2137

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2004-2137

http://securitytracker.com/id?1011067

Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/17098
http://www.networksecurity.fi/advisories/outlook-bcc.html

Patch;Vendor Advisory
http://support.microsoft.com/kb/843555

Patch;Vendor Advisory
http://www.securityfocus.com/bid/11040

Products affected by CVE-2004-2137

Microsoft » Outlook Express » Version: 6.0
cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*
Matching versions
Microsoft » Outlook Express » Version: 6.0 Update SP1
cpe:2.3:a:microsoft:outlook_express:6.0:sp1:*:*:*:*:*:*
Matching versions