Outlook Vulnerability - Can anybody confirm


Curious Guy

Has Microsoft acknowledged the following vulnerability in
Outlook 2003?

Description:

http-equiv has reported a vulnerability in Microsoft
Outlook 2003, allowing malicious people to perform illegal
actions through emails.

Microsoft Outlook 2003 is supposed to protect the user by
opening mails in the restricted security zone, thereby
preventing the use of active scripting, download of files
and more.

However, it is possible to bypass the security settings by
embedding an OLE Object with reference to a Windows media
file in a Rich Text Format (RTF) message. This can be
exploited to start a download sequence of arbitrary files,
which in turn causes Internet Explorer to prompt the user
whether to download the file. However, combined with
SA11572 "Predictable File Location Weakness", it is
reportedly possible to launch the file without any warning.

This has been reported to affect Microsoft Outlook 2003.
Other versions may also be affected, however, they do not
promise to protect the user in the same way.

Solution:
Filter HTML and RTF messages.

Source:
http://secunia.com/advisories/11629/
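
One way a mail gateway could apply the advisory's "Filter HTML and RTF messages" advice, shown as an added example that is not part of the original post or the Secunia advisory: it walks a message's MIME parts and reports HTML, RTF and TNEF (Outlook Rich Text) content, plus RTF that carries OLE object control words. The function names, reason labels and the sample message are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# RTF control words that introduce an embedded or linked OLE object.
OLE_WORDS = re.compile(rb"\\(object|objemb|objlink|objdata|objclass)(?![a-zA-Z])")
# Outlook "Rich Text" mail usually travels as a TNEF attachment (winmail.dat).
TNEF_TYPES = {"application/ms-tnef", "application/vnd.ms-tnef"}
RTF_TYPES = {"text/rtf", "application/rtf"}


def classify(raw: bytes) -> list:
    """Return the reasons a gateway would strip or quarantine this message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        payload = part.get_payload(decode=True) or b""
        if ctype == "text/html":
            reasons.append("html-part")
        elif ctype in TNEF_TYPES:
            # Compressed RTF sits inside TNEF; flag it rather than unpack it here.
            reasons.append("tnef-rich-text")
        elif ctype in RTF_TYPES or payload.lstrip().startswith(b"{\\rtf"):
            # Content sniffing catches RTF sent under a mislabelled MIME type.
            reasons.append("rtf-part")
            if OLE_WORDS.search(payload):
                reasons.append("rtf-ole-object")
    return reasons


def build_sample() -> bytes:
    """Constructed sample: plain body plus an RTF part with an inert OLE stub."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("plain body")
    rtf = rb"{\rtf1\ansi{\object\objemb{\*\objclass Placeholder.Class}{\*\objdata 00}}}"
    m.add_attachment(rtf, maintype="application", subtype="rtf", filename="note.rtf")
    return m.as_bytes()


if __name__ == "__main__":
    print(classify(build_sample()))
```

A non-empty result is the signal to convert the message to plain text or hold it for review; TNEF parts are only flagged here because their RTF body is compressed and would need a separate decoder.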
 
