Unrated severityNVD Advisory· Published Dec 31, 2003· Updated Apr 16, 2026

CVE-2003-1378

Description

Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.

Affected products

Microsoft/Outlook3 versions
cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:outlook:2000:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:outlook:2000:sr1:*:*:*:*:*:*
Microsoft/Outlook Express
cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/archive/1/312910nvdExploit
www.securityfocus.com/bid/6923nvdExploit
www.securityfocus.com/archive/1/312929nvd
exchange.xforce.ibmcloud.com/vulnerabilities/11411nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.034
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000