Microsoft Outlook and Outlook Express Arbitrary Program Execution Vulnerability

Nessus Network Monitor Plugin ID 1290 (High)

Synopsis

The remote host may be tricked into running an executable file.

Description

The remote host may be running a version of the Outlook mail client that will execute arbitrary programs through objects embedded in HTML email messages.

Solution

Set Outlook and Outlook Express to use the Internet Explorer Restricted Sites Zone. This can be set on the Security tab in Tools -> Options.

Plugin Details

Severity: High

ID: 1290

Family: SMTP Clients

Published: 8/20/2004

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:N

CVSS v3

Risk Factor: High

Base Score: 7.4

Temporal Score: 6.6

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:W/RC:X

Vulnerability Information

CPE: cpe:/a:microsoft:outlook

Reference Information

CVE: CVE-2003-1378

BID: 6923