[ StratOS @ 12.03.2004. 10:40 ] @
Finnish security researcher Jouko Pynnönen has discovered a command-line script injection vulnerability in Microsoft Outlook. In response, Microsoft created the MS04-009 patch that has been labelled Critical, which can be found at http://www.microsoft.com/technet/security/bulletin/ms04-009.mspx

By exploiting the mailto: URL protocol handler provided by Outlook, it is possible to inject arbitrary script code into the My Computer security zone. This can be used by a virus to send you an email which automatically launches an executable when you read it, without requiring any user interaction such as opening email attachments.

Referrer: http://seclists.org/lists/bugtraq/2004/Mar/0086.html