Security alert - Outlook View Control Exposes Unsafe Functionality
Date: 12 July 2001 Software: Outlook 98,
2000, and 2002 Impact: Run code of attacker's choice via either
web page or HTML e-mail. for more information, see bulletin MS01-038
This page contains scripting intended to expose the
vulnerabilities in the Outlook view control. If you have an
anti-virus program that also scans for scripting, such as Norton AV
2001, you'll get a warning only before the command window loads --
it will not trap the initial scripting that 'reads' your email. The security feature known as HELL will not block the script when
used in a web page. Both Win9x and Win2k are affected, however part
of this sample script will only work on WinNT/2K/XP.
Since the view control can be used in a browser, all versions of
Outlook are affected.