Jump to content
Compatible Support Forums
Sign in to follow this  
Philipp

Outlook View Control Exposes Unsafe Functionality 2.0

Recommended Posts

On July 12, 2001, Microsoft released the original version of this bulletin, to advise customers of a vulnerability affecting Microsoft Outlook and to recommend that they temporarily use an administrative procedure to protect their systems. A patch that eliminates the vulnerability is now available. An updated version of the bulletin was released on August 16, 2001, to announce the availability of the patch and to advise customers that the administrative procedure is no longer needed.

 

The Microsoft Outlook View Control is an ActiveX control that allows Outlook mail folders to be viewed via web pages. The control should only allow passive operations such as viewing mail or calendar data. In reality, though, it exposes a function that could allow the web page to manipulate Outlook data. This could enable an attacker to delete mail, change calendar information, or take virtually any other action through Outlook including running arbitrary code on the user´s machine.

 

Read more

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×