Date: 12 July 2001
Software: Outlook 98, 2000, and 2002
Impact: Run code of attacker's choice via either web page or HTML e-mail.
for more information, see bulletin MS01-038

---

This page contains scripting intended to expose the vulnerabilities in the Outlook view control. If you have an anti-virus program that also scans for scripting, such as Norton AV 2001, you'll get a warning only before the command window loads -- it will not trap the initial scripting that 'reads' your email.

The security feature known as HELL will not block the script when used in a web page. Both Win9x and Win2k are affected, however part of this sample script will only work on WinNT/2K/XP. Since the view control can be used in a browser, all versions of Outlook are affected.