First published: Wed Dec 31 2003(Updated: )
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Outlook | =2000-sr1 | |
Microsoft Outlook | =2000 | |
Microsoft Outlook Express | =6.0 | |
Microsoft Outlook | =2000-sp2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2003-1378 is considered a critical vulnerability due to its potential to allow remote code execution.
To fix CVE-2003-1378, users should update Microsoft Outlook Express and Microsoft Outlook to the latest security patches provided by Microsoft.
CVE-2003-1378 affects users of Microsoft Outlook 2000, Outlook 2000 with Service Pack 2, and Outlook Express 6.0.
CVE-2003-1378 enables remote attackers to execute arbitrary programs on the victim's system through a malicious HTML email.
Yes, CVE-2003-1378 can be exploited by sending a specially crafted HTML email to the target user, leading to execution without direct user action.