CVE-2004-0501

Outlook 2003 - Information Disclosure via VML Entity URL Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0501. PoCs published by http-equiv.

AI-analyzed exploit summary This is a writeup describing a weakness in Microsoft Outlook 2003 that could allow remote attackers to verify the validity of a recipient's e-mail address. The provided code snippet demonstrates the use of VML (Vector Markup Language) to potentially trigger the issue, but it lacks executable exploit code.

Description

Outlook 2003 allows remote attackers to bypass intended access restrictions and cause Outlook to request a URL from a remote site via an HTML e-mail message containing a Vector Markup Language (VML) entity whose src parameter points to the remote site, which could allow remote attackers to know when a message has been read, verify valid e-mail addresses, and possibly leak other information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by http-equiv · htmlremotewindows

https://www.exploit-db.com/exploits/24114

View Code ZIP pw:eip

This is a writeup describing a weakness in Microsoft Outlook 2003 that could allow remote attackers to verify the validity of a recipient's e-mail address. The provided code snippet demonstrates the use of VML (Vector Markup Language) to potentially trigger the issue, but it lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: Microsoft Outlook 2003

No auth needed

Prerequisites: Victim must open a specially crafted email in Microsoft Outlook 2003

MITRE ATT&CK