CVE-2004-2137
First published: Fri Dec 31 2004(Updated: )
Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Outlook Express | =6.0-sp1 | |
| Microsoft Outlook Express | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-2137?
CVE-2004-2137 is rated as a moderate severity vulnerability due to potential information disclosure.
How do I fix CVE-2004-2137?
The recommended fix for CVE-2004-2137 is to stop using Outlook Express 6.0 or to implement patches provided by Microsoft.
What type of information does CVE-2004-2137 expose?
CVE-2004-2137 exposes the BCC recipients of an email to the addresses in the To and CC fields.
Which versions of Outlook Express are affected by CVE-2004-2137?
CVE-2004-2137 affects Outlook Express 6.0 and its Service Pack 1 variant.
How can attackers exploit CVE-2004-2137?
Attackers can exploit CVE-2004-2137 by sending multipart emails that inadvertently reveal BCC recipients, risking the exposure of sensitive information.
- collector/nvd-historical
- vendor/microsoft
- product/outlook express
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/remedy
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/tags
- agent/event
- agent/description
- agent/source
- canonical/microsoft outlook express
- version/microsoft outlook express/6.0-sp1
- version/microsoft outlook express/6.0