Vulnerability Details : CVE-2002-1056
Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
Exploit prediction scoring system (EPSS) score for CVE-2002-1056
Probability of exploitation activity in the next 30 days: 15.17%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2002-1056
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2002-1056
-
http://www.securityfocus.com/bid/4397
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-021
-
http://online.securityfocus.com/archive/1/265621
-
http://marc.info/?l=bugtraq&m=101760380418890&w=2
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A205
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A429
-
http://www.iss.net/security_center/static/8708.php
Products affected by CVE-2002-1056
- cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:outlook:2002:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2000:sr1a:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2000:sr1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*