CVE-2004-0121

Name of the Vulnerable Software and Affected Versions Microsoft Outlook version 2002

Description The issue concerns an argument injection vulnerability where Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE. This allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.

Recommendations For Microsoft Outlook version 2002, as a temporary workaround, consider restricting the use of mailto: URLs until a patch is available. Avoid using script code in the Local Machine zone to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.