Rhino
05-19-2004, 10:05 PM
[ QUOTE ]
<font>Microsoft Outlook RTF Embedded OLE Object Security Bypass</font> (http://secunia.com/advisories/11629/)
Secunia Advisory: SA11629
Release Date: 2004-05-18
Critical: Moderately critical
Impact: Security Bypass
Where: From remote
Software: Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Outlook 2003
Description:
http-equiv has reported a vulnerability in Microsoft Outlook 2003, allowing malicious people to perform illegal actions through emails.
Microsoft Outlook 2003 is supposed to protect the user by opening mails in the restricted security zone, thereby preventing the use of active scripting, download of files and more.
However, it is possible to bypass the security settings by embedding an OLE Object with reference to a Windows media file in a Rich Text Format (RTF) message.................
[/ QUOTE ]
<font>Microsoft Outlook RTF Embedded OLE Object Security Bypass</font> (http://secunia.com/advisories/11629/)
Secunia Advisory: SA11629
Release Date: 2004-05-18
Critical: Moderately critical
Impact: Security Bypass
Where: From remote
Software: Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Outlook 2003
Description:
http-equiv has reported a vulnerability in Microsoft Outlook 2003, allowing malicious people to perform illegal actions through emails.
Microsoft Outlook 2003 is supposed to protect the user by opening mails in the restricted security zone, thereby preventing the use of active scripting, download of files and more.
However, it is possible to bypass the security settings by embedding an OLE Object with reference to a Windows media file in a Rich Text Format (RTF) message.................
[/ QUOTE ]