New Search

MS Outlook Argument Injection Local Vulnerability

oval:org.mitre.oval:def:843

Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 95
Class:
vulnerability
Reference(s):
  • CVE-2004-0121
Product(s):
  • Microsoft Outlook