CVE DATABASE / CVE-2004-0121
CVE-2004-0121
CVSS 7.5 · HIGH
Summary
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
CVSS 2.0 breakdown
| Base score | 7.5 (HIGH) |
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Confidentiality | PARTIAL |
| Integrity | PARTIAL |
| Availability | PARTIAL |
Weakness type (CWE)
Affected products
Microsoft officeMicrosoft outlook
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://marc.info/?l=bugtraq&m=107893704602842&w=2
- http://www.ciac.org/ciac/bulletins/o-096.shtml
- http://www.idefense.com/application/poi/display?id=79&type=vulnerabilities
- http://www.kb.cert.org/vuls/id/305206
- http://www.securityfocus.com/bid/9827
- http://www.us-cert.gov/cas/techalerts/TA04-070A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-009
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15414
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15429
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A843
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.