Vulnerability in Outlook 2002 could allow arbitrary command-line parameters in the Outlook.exe file

Article ID: 838440 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

A vulnerability exists in Microsoft Outlook 2002 where duplicate command-line parameters may be passed in the Outlook.exe file. An attacker could possibly override the command-line parameters that are passed in the Outlook.exe file and pass arbitrary command-line parameters in a specially-crafted e-mail message to run malicious code on your computer.
Back to the top | Give Feedback

RESOLUTION

To resolve this problem, use one of the following methods, depending on your situation:
  • Install Microsoft Office XP Service Pack 3 (SP3).

    For additional information about Office XP SP3, click the following article number to view the article in the Microsoft Knowledge Base:
    832671
    (http://support.microsoft.com/kb/832671/ )
    Description of Microsoft Office XP Service Pack 3
  • Install the administrative version of the Microsoft Outlook 2002 Security Patch: KB828040 that is described in the following article in the Microsoft Knowledge Base:
    828040
    (http://support.microsoft.com/kb/828040/ )
    Outlook 2002 Security Patch: March 9, 2004
Back to the top | Give Feedback

WORKAROUND

To work around this problem, configure Outlook 2002 to use a different home page than the Outlook Today home page. The Outlook Today home page is the default view that Microsoft Outlook uses if Outlook is not configured to use an e-mail account. To configure Outlook 2002 to use a different home page than the Outlook Today home page:
  1. Start Outlook 2002 (if it is not already started).
  2. On the View menu, click the Folder List.
  3. Under Folder List, right-click the Outlook Today folder, and then click Properties for Outlook Today.
  4. Click the Home Page tab.
  5. In the Address box, specify the home page that you want to display for the Outlook Today folder. To do so, type the Uniform Resource Locator (URL) of the Web page or of the path of the document that you want to use as the home page for the Outlook Today folder. Or, click Browse, locate the document or the Web page that you want to use, and then click OK.
  6. Click OK.
Back to the top | Give Feedback

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section of this article.
Back to the top | Give Feedback

Properties

Article ID: 838440 - Last Review: March 9, 2004 - Revision: 1.1
APPLIES TO
  • Microsoft Outlook 2002 Standard Edition
Keywords: 
kbbug kbfix KB838440
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top