Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Microsoft Outlook 2002 HTML Mail Script Execution Vulnerability

Microsoft Outlook 2002 HTML Mail Script Execution Vulnerability

by Nikola Strahija on April 3rd, 2002 Microsoft Outlook 2002 can be made to execute script embedded in HTML mail without warning the user. This is done by creating a web browser object containing script in the "Location" parameter specified by a tag and embedding this in the mail.


When a user chooses to "reply" or "forward" the message, the script is executed.

Remote: Yes

Exploit: Georgi Guninski has provided a sample object and script



Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »