CVE-2008-0110

Name of the Vulnerable Software and Affected Versions Microsoft Outlook in Office versions prior to the fixed version

Description The issue allows remote code execution if a specially crafted mailto URI is passed to Outlook. This could enable an attacker to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system may be less impacted than those operating with administrative user rights.

Recommendations For Microsoft Outlook in Office 2000 SP3, update to a version that includes the fix for this issue. For Microsoft Outlook in Office XP SP3, update to a version that includes the fix for this issue. For Microsoft Outlook in Office 2003 SP2 and SP3, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of crafted mailto URIs in Outlook until a patch is available.