[ StratOS @ 12.03.2004. 10:40 ] @
Finnish security researcher Jouko Pynnönen has discovered a command-line script
injection vulnerability in Microsoft Outlook. In response, Microsoft created the
MS04-009 patch that has been labelled Critical, which can be found at


By exploiting the mailto: URL protocol handler provided by Outlook, it is
possible to inject arbitrary script code into the My Computer security zone.
This can be used by a virus to send you an email which automatically launches an
executable when you read it, without requiring any user interaction such as
opening email attachments.