| ID |
CVE-2002-1056
|
| Summary |
Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:outlook:2002:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook:2002:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:word:2000:sr1:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2000:sr1:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:word:2000:sr1a:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2000:sr1a:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 7.5 (as of 12-10-2018 - 21:31) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| oval
via4
|
| accepted | 2012-05-28T04:01:27.874-04:00 | | class | vulnerability | | contributors | | name | Ingrid Skoog | | organization | The MITRE Corporation |
| name | Ingrid Skoog | | organization | The MITRE Corporation |
| name | John Hoyland | | organization | Centennial Software |
| name | Shane Shaffer | | organization | G2, Inc. |
| | description | Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to. | | family | windows | | id | oval:org.mitre.oval:def:205 | | status | accepted | | submitted | 2004-09-06T12:00:00.000-04:00 | | title | MS Outlook (Word 2000) RTF/HTML Script Execution Vulnerability | | version | 6 |
| accepted | 2012-05-28T04:01:43.568-04:00 | | class | vulnerability | | contributors | | name | Ingrid Skoog | | organization | The MITRE Corporation |
| name | Jonathan Baker | | organization | The MITRE Corporation |
| name | John Hoyland | | organization | Centennial Software |
| name | Matthew Wojcik | | organization | The MITRE Corporation |
| name | Shane Shaffer | | organization | G2, Inc. |
| name | Shane Shaffer | | organization | G2, Inc. |
| | description | Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to. | | family | windows | | id | oval:org.mitre.oval:def:429 | | status | accepted | | submitted | 2004-08-24T12:00:00.000-04:00 | | title | MS Outlook (Word 2002) RTF/HTML Script Execution Vulnerability | | version | 8 |
|
| refmap
via4
|
| bid | 4397 | | bugtraq | - 20020331 More Office XP Problems
- 20020403 More Office XP problems (Version 2.0)
| | xf | outlook-object-execute-script(8708) |
|
| Last major update |
12-10-2018 - 21:31 |
| Published |
16-05-2002 - 04:00 |
| Last modified |
12-10-2018 - 21:31 |
