CVE-2004-2137

CVE Database · CVE-2004-2137

CVE-2004-2137

· N/AModified

CVSS v3.1

N/A

EPSS

26.14%

Published

Dec 31, 2004

Modified

Apr 15, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information.

Affected Products (2)

microsoft · outlook_expressvulnerable

References (14)

http://secunia.com/advisories/12376

PatchVendor Advisory

http://securitytracker.com/id?1011067

Patch

http://support.microsoft.com/kb/843555

PatchVendor Advisory

http://www.networksecurity.fi/advisories/outlook-bcc.html

PatchVendor Advisory

http://www.osvdb.org/9167

http://www.securityfocus.com/bid/11040

https://exchange.xforce.ibmcloud.com/vulnerabilities/17098

http://secunia.com/advisories/12376

KEV Catalog EPSS Scores Vendors All CVEs