Reported March 9, 2004, by Microsoft.
VERSIONS AFFECTED
·
Microsoft Office XP Service
Pack 2 (SP2)
·
Microsoft Office Outlook 2002
SP2
DESCRIPTION
A vulnerability in Outlook
2002 can result in the execution of arbitrary code on the vulnerable system,
under the Local Computer Zone. The parsing of specially crafted mailto
URLs by Outlook 2002 causes this vulnerability.
VENDOR RESPONSE
Microsoft has released security bulletin
MS04-009, "Vulnerability in
Microsoft Outlook Could Allow Code Execution (828040),"
to address this vulnerability and recommends that affected users immediately
apply the appropriate patch listed in the bulletin.
CREDIT
Discovered by
iDefense and
Jouko Pynnönen.
Code Execution Vulnerability in Microsoft Outlook 2002
0 comments
Hide comments