CVE-2002-1056

Sažetak

Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.

Reference

http://marc.info/?l=bugtraq&m=101760380418890&w=2
http://online.securityfocus.com/archive/1/265621
http://www.iss.net/security_center/static/8708.php
http://www.securityfocus.com/bid/4397
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-021
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A205
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A429

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

12-10-2018 - 21:31

Objavljeno

16-05-2002 - 04:00