Definition

MS Outlook Argument Injection Local Vulnerability

oval:org.mitre.oval:def:843

Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.

Family:

windows

Status:

ACCEPTED

Platform(s):

Microsoft Windows 95

Class:

vulnerability

Reference(s):

CVE-2004-0121

Product(s):

Microsoft Outlook