Описание
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
Ссылки
- Third Party Advisory
- Broken Link
- Broken LinkPatchVendor Advisory
- MitigationThird Party AdvisoryUS Government Resource
- Broken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory
- Broken LinkThird Party AdvisoryUS Government Resource
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Broken Link
- Third Party Advisory
- Broken Link
- Broken LinkPatchVendor Advisory
- MitigationThird Party AdvisoryUS Government Resource
- Broken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory
- Broken LinkThird Party AdvisoryUS Government Resource
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Broken Link
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:microsoft:office:xp:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook:2002:sp2:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.51468
Средний
7.5 High
CVSS2
Дефекты
CWE-88
Связанные уязвимости
github
почти 4 года назад
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
EPSS
Процентиль: 98%
0.51468
Средний
7.5 High
CVSS2
Дефекты
CWE-88