CVE-2004-0501

Name of the Vulnerable Software and Affected Versions Outlook version 2003

Description The issue allows remote attackers to bypass intended access restrictions. This can be achieved by sending an HTML e-mail message containing a Vector Markup Language (VML) entity. The src parameter of this entity points to a remote site, which could allow attackers to determine when a message has been read, verify valid e-mail addresses, and possibly leak other information.

Recommendations For Outlook version 2003, as a temporary workaround, consider disabling the handling of VML entities in HTML e-mail messages until a patch is available. Restrict access to external URLs from within Outlook to minimize the risk of exploitation. Avoid using Outlook to access potentially malicious HTML e-mail messages until the issue is resolved.