How would it be if you get to know that a remote user can cause unwanted and hazardous code to be executed on the target user’s system. Alarmed?
There is every reason to answer this question with a YES. You are more susceptible to this vulnerability if you are using Microsoft Outlook. This vulnerability had been reported by Greg MacManus of iDefense Labs. Wanna know how this would be happening?
Procedure: A remote user can create a specially crafted mailto URL that, when loaded by the target user, will trigger an input validation flaw and execute unwanted code on the target system. The code when executed, will run with the privileges of the target user.
Solution: Microsoft has come out with specific fixes which are free to download:
Outlook 2000 Service Pack 3: Get it here
Outlook 2002 Service Pack 3: Get it here
Outlook 2003 Service Pack 2: Get it here
Outlook 2003 Service Pack 3: Get it here
Outlook 2007: Get it here
A restart is not required.
Have a look at the Microsoft Advisary.
For more related articles: Security Tracker