What is CVE-2004-2694?

CVE-2004-2694 is a vulnerability in Microsoft Outlook_express, classified under CWE-264. Published 2004-12-31.

Is CVE-2004-2694 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Outlook_express

CVE-2004-2694

Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".

EPSS: 0.086 (94.4th percentile) — read the EPSS interpretation.

Affected products

Microsoft Outlook_express — versions 6.0
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

GuiMatosInfra/explorer2sectool
xaitax/SploitScan

References

cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
cve@mitre.org (x_refsource_OSVDB, vdb-entry)

Frequently asked questions

What is CVE-2004-2694?: CVE-2004-2694 is a vulnerability in Microsoft Outlook_express, classified under CWE-264. Published 2004-12-31.
Is CVE-2004-2694 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.