Vulnerability in Outlook 2002 SP2
"A security vulnerability exists within Outlook 2002 that could allow Internet Explorer to execute script code in the Local Machine zone on an affected system. The parsing of specially crafted mailto URLs by Outlook 2002 causes this vulnerability. To exploit this vulnerability, an attacker would have to host a malicious Web site that contained a Web page designed to exploit the vulnerability and then persuade a user to view the Web page.
The attacker could also create an HTML e-mail message designed to exploit the vulnerability and persuade the user to view the HTML e-mail message. After the user has visited the malicious Web site or viewed the malicious HTML e-mail message an attacker who successfully exploited this vulnerability could access files on a user's system or run arbitrary code on a user's system. This code would run in the security context of the currently logged-on user. Outlook 2002 is available as a separate product and is also included as part of Office XP. "
This only affects Microsoft Outlook 2002 Service Pack 2. Outlook 2000/2003 are not affected.
TrackBack URL for this entry:
Listed below are links to weblogs that reference Vulnerability in Outlook 2002 SP2:
Wenn ich im Outlook 2002 "empfangen senden" aufrufe, kommt diue Nachricht "Microsoft Exchange Server steht zur Zeit nicht
Mein Betriebssystem: Windowa xp Home Edition.
Posted by: Hildegard Joeres at Jun 10, 2004 9:06:51 AM