CERT has issued a warning about the above Microsoft Outlook 2002 vulnerability. The information security organisation says that the flaw lies in the way the software handles a certain type of URL, which allows a remote attacker to execute arbitrary code on the vulnerable system.

CERT’s description is as follows:
“Microsoft Outlook provides a centralized application for managing and organizing email messages, schedules, tasks, notes, contacts, and other information. Outlook is included as a component of newer versions of Microsoft Office and available as a stand-alone product.

Outlook 2002 exposes a vulnerability due to inadequate checking of parameters passed to the Outlook email client. The vulnerability is caused by the way a "mailto:" URL is interpreted. An attacker creating specially formatted "mailto:" URLs can cause Outlook to run privileged script, ultimately leading to the execution of arbitrary code. The malicious code could be delivered to the victim via a specially crafted HTML email message or from an intruder-controlled web page.

Microsoft originally stated that users were only at risk from this vulnerability when Outlook 2002 is configured as the default mail reader and when the "Outlook Today" home page is their default folder home page. Subsequent information has been published that indicates that this is not true and users in other situations are vulnerable via a slightly different attack vector.”
Read the CERT alert.

• Date: 12th March 2004
• Region: N.America / World
• Type: Article
• Topic: Warnings