CVE-2004-0502

Outlook 2003 - Remote Code Execution via Predictable File Location in Email Reply

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0502. PoCs published by http-equiv.

AI-analyzed exploit summary The code describes a vulnerability in Microsoft Outlook 2003 where files specified in img tags are stored in predictable locations, potentially enabling exploitation of browser-based vulnerabilities. It includes an example img tag demonstrating the issue.

Description

Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shell: URI.

Exploits (1)

exploitdb WRITEUP VERIFIED

by http-equiv · textremotewindows

https://www.exploit-db.com/exploits/24101

View Code ZIP pw:eip

The code describes a vulnerability in Microsoft Outlook 2003 where files specified in img tags are stored in predictable locations, potentially enabling exploitation of browser-based vulnerabilities. It includes an example img tag demonstrating the issue.

Classification

Writeup 80%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: Microsoft Outlook 2003

No auth needed

Prerequisites: Victim must open a malicious email in Microsoft Outlook 2003

MITRE ATT&CK