Microsoft Outlook and Outlook Express Arbitrary Program Execution Vulnerability

High Nessus Network Monitor Plugin ID 1290

Synopsis

The remote host may be tricked into running an executable file.

Description

The remote host may be running a version of the Outlook mail client that will execute arbitrary programs through objects embedded in HTML email messages.

Solution

Set Outlook and Outlook Express to use the Internet Explorer Restricted Sites Zone. This can be set on the Security tab under Tools -> Options.

Plugin Details

Severity: High

ID: 1290

Family: SMTP Clients

Published: 2004/08/20

Modified: 2018/09/16

Dependencies: 1332

Risk Information

Risk Factor: High

CVSSv2

Base Score: 8.8

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:N

Temporal Vector: CVSS2#E:U/RL:W/RC:ND

CVSSv3

Base Score: 7.4

Temporal Score: 6.5

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS3#E:U/RL:W/RC:X

Vulnerability Information

CPE: cpe:/a:microsoft:outlook

Reference Information

CVE: CVE-2003-1378

BID: 6923