Vulnerability Details : CVE-2004-0380

The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."
Published 2004-05-04 04:00:00
Updated 2018-10-12 21:34:34
Source MITRE
View at NVD,   CVE.org
Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2004-0380

Probability of exploitation activity in the next 30 days: 96.59%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2004-0380

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
10.0
 HIGH AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
 NIST

References for CVE-2004-0380

Products affected by CVE-2004-0380

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close