Microsoft Outlook 2002 HTML Mail Script Execution Vulnerability

Homer · Post #1 (**permalink**) 04-03-2002, 12:35 AM

Microsoft Outlook 2002 can be made to execute script embedded in HTML mail without warning the user. This is done by creating a web browser object containing script in the "Location" parameter specified by a <PARAM ... > tag and embedding this in the mail.

When a user chooses to "reply" or "forward" the message, the script is executed.

Reyner · Post #2 (**permalink**) 04-09-2002, 07:54 PM

Wow! I didn't know that! Thanks for the tip Homer. Is there a way to disable that? Any patch?

.::DefCon::. · Post #3 (**permalink**) 04-10-2002, 07:04 AM

Quote:

Originally posted by Reyner
Wow! I didn't know that! Thanks for the tip Homer. Is there a way to disable that? Any patch?

Try www.microsoft.com