Microsoft Outlook Concealed Attachment Vulnerability

Versions of MS Outlook are vulnerable to receiving a hidden, potentially hostile attachment. An arbitrary string of characters, supplied by the sender to the 'subject:' field, will be received and interpreted by vulnerable versions of Outlook as an attachment to the message. If this string is properly constructed, it can be executable and capable of performing hostile actions on the vulnerable host.

This can also be used to circumvent Outlook's dangerous file security feature.


 

Privacy Statement
Copyright 2010, SecurityFocus