CVE-2004-0501

Outlook 2003 - CSRF

Title source: llm

Description

Outlook 2003 allows remote attackers to bypass intended access restrictions and cause Outlook to request a URL from a remote site via an HTML e-mail message containing a Vector Markup Language (VML) entity whose src parameter points to the remote site, which could allow remote attackers to know when a message has been read, verify valid e-mail addresses, and possibly leak other information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by http-equiv · htmlremotewindows

https://www.exploit-db.com/exploits/24114

View Code ZIP pw:eip

References (5)

[Mailing List] http://marc.info/?l=bugtraq&m=108637351805607&w=2

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/16116

[Mailing List] http://marc.info/?l=bugtraq&m=108430168919965&w=2

[Exploit, Vendor Advisory] http://www.securityfocus.com/bid/10323

[Mailing List] http://marc.info/?l=ntbugtraq&m=108644231209698&w=2

Scores

EPSS 0.5073

EPSS Percentile 97.9%

Details

Status published

Products (1)

microsoft/outlook 2003

Published Aug 18, 2004

Tracked Since Feb 18, 2026