CVE-2004-2137

high

Description

Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/17098

http://www.securityfocus.com/bid/11040

http://www.osvdb.org/9167

http://www.networksecurity.fi/advisories/outlook-bcc.html

http://support.microsoft.com/kb/843555

http://securitytracker.com/id?1011067

http://secunia.com/advisories/12376

Details

Source: Mitre, NVD

Published: 2004-12-31

Updated: 2024-11-20

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High