CVE-2002-1056

high

Description

Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A429

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A205

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-021

http://www.securityfocus.com/bid/4397

http://www.iss.net/security_center/static/8708.php

http://online.securityfocus.com/archive/1/265621

http://marc.info/?l=bugtraq&m=101760380418890&w=2

Details

Source: Mitre, NVD

Published: 2002-05-16

Updated: 2024-11-20

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Severity: High