Microsoft Outlook 2002 HTML Mail Script Execution Vulnerability

[Homer]

Microsoft Outlook 2002 can be made to execute script embedded in HTML mail without warning the user. This is done by creating a web browser object containing script in the "Location" parameter specified by a <PARAM ... > tag and embedding this in the mail.

When a user chooses to "reply" or "forward" the message, the script is executed.

 

[Reyner]

Wow! I didn't know that! Thanks for the tip Homer. Is there a way to disable that? Any patch?

 

[.::DefCon::.]

Wow! I didn't know that! Thanks for the tip Homer. Is there a way to disable that? Any patch?

Try www.microsoft.com