Arbitrary Program Execution via HTML Email in Microsoft Outlook Express 6.0 and Outlook 2000

Arbitrary Program Execution via HTML Email in Microsoft Outlook Express 6.0 and Outlook 2000

CVE-2003-1378 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:N

Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.

Learn more about our Web Application Penetration Testing UK.