VDB
CVE-2004-0380
CVE-2004-0380
PUBLISHED
CVSS 10 CRITICAL
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."
EPSS 74.41% · 98.9th percentile
Risk Scores
CVSS 2.0
10
EPSS Score
74.41%
98.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| microsoft | outlook_express | 5.5, 6.0 |
Timeline
- Apr 6, 2004 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
References
- oval:org.mitre.oval:def:990 vdb
- 9105 vdb
- VU#323070 third-party-advisory
- oval:org.mitre.oval:def:1010 vdb
- outlook-mhtml-execute-code(15705) vdb
- MS04-013 vendor-advisory
- 9658 vdb
- TA04-104A third-party-advisory
- oval:org.mitre.oval:def:882 vdb
- http://www.k-otik.net/bugtraq/02.18.InternetExplorer.php url
- 20040328 IE ms-its: and mk:@MSITStore: vulnerability mailing-list
- 20040219 Microsoft Internet Explorer Unspecified CHM File Processing Arbitrary Code Execution Vulnerability (bid 9658) mailing-list
- oval:org.mitre.oval:def:1028 vdb
- 10523 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2004-0380 advisory