Microsoft Outlook HTML Mail Script Execution

2002-03-31T00:00:00
ID OSVDB:2061
Type osvdb
Reporter OSVDB
Modified 2002-03-31T00:00:00

Description

Vulnerability Description

Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.

Short Description

Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.

References:

ISS X-Force ID: 8708 CVE-2002-1056 CIAC Advisory: m-073 Bugtraq ID: 4397