Executive Summary
| Informations | |||
|---|---|---|---|
| Name | MS03-014 | First vendor Publication | N/A |
| Vendor | Microsoft | Last vendor Modification | N/A |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Cumulative Patch for Outlook Express (330994) |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 4 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 3053 | Microsoft IE Web Folder Script Injection Microsoft Internet Explorer could allow a remote attacker to execute script on a vulnerable system using the Internet Explorer "Web Folder" feature. The issue is due to the "Web Folder" allowing a user to make Web content public. If the Web Folder doesn't exist, a special error message is created for the user. This error message is created insecurely and allows a remote attacker to inject malicious script into it, which will be executed the next time the error occurs. The script that is executed would run in the context of the "My Computer" security zone. |
