What is CVE-2003-1378?

CVE-2003-1378 is a vulnerability in Microsoft Outlook, classified under CWE-264. Published 2003-12-31.

Is CVE-2003-1378 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Outlook

CVE-2003-1378

Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to…

EPSS: 0.156 (96.4th percentile) — read the EPSS interpretation.

Affected products

Microsoft Outlook — versions 2000
Microsoft Outlook_express — versions 6.0
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

References

cve@mitre.org (mailing-list, Exploit, x_refsource_BUGTRAQ)
cve@mitre.org (vdb-entry, x_refsource_XF)
cve@mitre.org (Exploit, vdb-entry, x_refsource_BID)
cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)

Frequently asked questions

What is CVE-2003-1378?: CVE-2003-1378 is a vulnerability in Microsoft Outlook, classified under CWE-264. Published 2003-12-31.
Is CVE-2003-1378 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.