Vulnerabilities > CVE-2002-0481 - Unspecified vulnerability in Microsoft Outlook 2002

CVSS 5.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

high complexity

microsoft

NVD

Published: 2002-08-12

Updated: 2008-09-05

Summary

An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.LaunchURL() Javascript function.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Outlook 2002	1

References

http://online.securityfocus.com/archive/1/263429
http://www.iss.net/security_center/static/8604.php
http://www.securityfocus.com/bid/4340