What is CVE-2004-2137?

CVE-2004-2137 is a vulnerability in Microsoft Outlook_express. Published 2004-12-31.

Is CVE-2004-2137 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Outlook_express

CVE-2004-2137

Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to…

EPSS: 0.261 (97.7th percentile) — read the EPSS interpretation.

Affected products

Microsoft Outlook_express — versions 6.0
N/a — versions n/a

Public proof-of-concept exploits

References

cve@mitre.org (vdb-entry, x_refsource_BID)
cve@mitre.org (Patch, x_refsource_MISC, Vendor Advisory)
cve@mitre.org (Patch, vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (vdb-entry, x_refsource_XF)
cve@mitre.org (vendor-advisory, Patch, x_refsource_MSKB, Vendor Advisory)
cve@mitre.org (Patch, x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
cve@mitre.org (x_refsource_OSVDB, vdb-entry)

Frequently asked questions

What is CVE-2004-2137?: CVE-2004-2137 is a vulnerability in Microsoft Outlook_express. Published 2004-12-31.
Is CVE-2004-2137 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.