PT-2004-3374 · Microsoft · Outlook+1
Published: 2004-12-31 · Updated: 2017-07-11
CVE-2004-2482
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions:
Microsoft Outlook versions 2000 through 2003
Description:
The issue occurs when Microsoft Outlook is configured to use Microsoft Word as the e-mail editor and the user forwards an e-mail. In that situation Outlook fails to properly handle an opening OBJECT tag without a corresponding closing OBJECT tag. This causes Outlook to automatically download the URI specified in the data property of the OBJECT tag, potentially allowing remote attackers to execute arbitrary code.
Recommendations:
For Microsoft Outlook versions 2000 through 2003, consider disabling the use of Microsoft Word as the e-mail editor until a fix is available. As a temporary workaround, avoid forwarding e-mails that may contain malicious OBJECT tags.
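A mail-filter check for the condition described above, as an added example that is not part of the original advisory: it flags HTML message parts in which an OBJECT tag carrying a data attribute is never closed. The function names, the sample messages and the example.invalid host are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser


class _ObjectTracker(HTMLParser):
    """Tracks OBJECT start tags that have not yet been closed."""

    def __init__(self):
        super().__init__()
        self.open_objects = []  # stack of (line number, data attribute value)

    def handle_starttag(self, tag, attrs):  # tag/attr names arrive lowercased
        if tag == "object":
            self.open_objects.append((self.getpos()[0], dict(attrs).get("data")))

    def handle_endtag(self, tag):
        if tag == "object" and self.open_objects:
            self.open_objects.pop()


def find_unclosed_objects(html_body):
    """Return (line, data URI) for each OBJECT tag left open with a data attribute."""
    tracker = _ObjectTracker()
    tracker.feed(html_body)
    tracker.close()
    return [(line, uri) for line, uri in tracker.open_objects if uri]


def scan_message(raw_bytes):
    """Return the data URIs of unclosed OBJECT tags in a message's HTML parts."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            hits += [uri for _, uri in find_unclosed_objects(part.get_content())]
    return hits


def build_sample(html_body):
    """Constructed test message; example.invalid is a placeholder host."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("plain-text part")
    msg.add_alternative(html_body, subtype="html")
    return msg.as_bytes()


UNCLOSED = '<p>hello</p>\n<OBJECT DATA="http://example.invalid/x" type="text/html">\n<p>bye</p>'
CLOSED = '<p>hello</p>\n<object data="http://example.invalid/y"></object>'
```

Python's HTML parser is not Word's HTML handling, so a hit is a triage signal for quarantine or review rather than proof that a given message triggers the issue.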
Fix
Related Identifiers
Affected Products
Outlook
Office Word