Microsoft Outlook 2003可预测文件位置弱点

漏洞信息详情

Microsoft Outlook 2003可预测文件位置弱点

• CNNVD编号：CNNVD-200408-172
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2004-0502
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2004-08-18
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  .’);”>Discovery of this …

Outlook 2003回复电子邮件的时候将某些文件存储在原始信息img标签的\”src\”中的可预测的位置，远程攻击者绕开区域限制和利用可预测位置上的其他问题，正如使用shell： URI。

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .
Unconfirmed reports suggest that this issue may have been silently patched by Microsoft. These fixes may have been included in Office updates from May 14th or May 17th, 2004. See the References section for details.
@securityfocus.com>

来源: XF
名称: outlook-file-location-predictable(16104)
链接:http://xforce.iss.net/xforce/xfdb/16104

来源: BID
名称: 10307
链接:http://www.securityfocus.com/bid/10307

来源: SECUNIA
名称: 11572
链接:http://secunia.com/advisories/11572

来源: BUGTRAQ
名称: 20040604 RE: PING: Outlook 2003 Spam
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108637351805607&w=2

来源: BUGTRAQ
名称: 20040509 OUTLOOK 2003: OuchLook
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108420583612655&w=2

来源: NTBUGTRAQ
名称: 20040604 RE: PING: Outlook 2003 Spam
链接:http://marc.theaimsgroup.com/?l=ntbugtraq&m=108644231209698&w=2