CVE-2004-0502

Name of the Vulnerable Software and Affected Versions Outlook 2003

Description The issue allows remote attackers to bypass zone restrictions and exploit other issues by storing certain files in a predictable location for the "src" of an img tag of the original message when replying to an e-mail. This can be demonstrated using a shell: URI.

Recommendations For Outlook 2003, consider disabling the ability to reply to e-mail messages with img tags until a patch is available. Restrict access to predictable locations to minimize the risk of exploitation. Avoid using the shell: URI scheme in replies to minimize potential risks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.