header-logo
Suggest Exploit
vendor:
Outlook
by:
SecurityFocus
7.5
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: Outlook
Affected Version From: MS Outlook 2000
Affected Version To: MS Outlook 2002
Patch Exists: YES
Related CWE: CVE-2002-0059
CPE: a:microsoft:outlook
Metasploit: https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2003-168/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

MS Outlook Hidden Attachment Vulnerability

Versions of MS Outlook are vulnerable to receiving a hidden, potentially hostile attachment. An arbitrary string of characters, supplied by the sender to the 'subject:' field, will be received and interpreted by vulnerable versions of Outlook as an attachment to the message. If this string is properly constructed, it can be executable and capable of performing hostile actions on the vulnerable host. This can also be used to circumvent Outlook's dangerous file security feature.

Mitigation:

Users should upgrade to the latest version of MS Outlook to ensure that they are not vulnerable to this attack.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2260/info

Versions of MS Outlook are vulnerable to receiving a hidden, potentially hostile attachment. An arbitrary string of characters, supplied by the sender to the 'subject:' field, will be received and interpreted by vulnerable versions of Outlook as an attachment to the message. If this string is properly constructed, it can be executable and capable of performing hostile actions on the vulnerable host.

This can also be used to circumvent Outlook's dangerous file security feature. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/20571.zip

Navigation

Suggest Exploit

Services By CQR