Outlook security vulnerability

Update, March 10, 2004 — Microsoft has revised this, increasing the severity to Critical and removing references to Outlook Today. See the Microsoft Office Security Bulleting for March, 2004

Secunia has published this advisory affecting Outlook 2002 Service Pack 2, a component of Office XP Service Pack 2. Office 2000 SP3, Office XP and Outlook 2002 SP3, Office 2003 and Outlook 2003 are not vulnerable.

In a nutshell, if Outlook Today is your default folder home page in Outlook, you’re exposed. Opening a malicious email or visiting a malicious web site is all that’s required to infect you. At that point your files are exposed. The easiest workaround is to change your default folder. The other alternative is to download and install Office 2000 Service Pack 3.

Leave a Comment