Outlook Vulnerability Raised to Critical

All the security bulletins and patches issued by Microsoft in Mar. 2003 were originally rated either important or moderate, but Microsoft raised an Outlook 2002 vulnerability to critical after further analysis of who could be impacted.

Critical Outlook 2002 Vulnerability

Outlook 2002’s interpretation of a “mailto” URL creates a privilege elevation vulnerability that could allow the execution of code on an affected system. Attackers could exploit this vulnerability to access files on a user’s system or run malicious code.

The mailto URL scheme is used to designate the Internet mailing address of an individual or service, such as mailto://johndoe@directionsonmicrosoft.com; users can simply click on a mailto link and their default e-mail client will automatically launch with the mailto address entered in the “To” field. The vulnerability enables an attacker to create a malicious mailto address on a Web page or in an HTML e-mail message, that when clicked on by the user, is interpreted by Outlook 2002 in a way that allows malicious code to execute.