Description
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by http-equiv · textremotewindows
https://www.exploit-db.com/exploits/22280
References (4)
Core 4
Core References
Exploit mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/312910
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11411
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6923
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/312929
Scores
EPSS
0.4230
EPSS Percentile
97.5%
Details
CWE
CWE-264
Status
published
Products (2)
microsoft/outlook
2000 (3 CPE variants)
microsoft/outlook_express
6.0
Published
Dec 31, 2003
Tracked Since
Feb 18, 2026