Vulnerability in Outlook 2002 could allow arbitrary command-line parameters in the Outlook.exe file (838440)



The information in this article applies to:

  • Microsoft Outlook 2002

SYMPTOMS

A vulnerability exists in Microsoft Outlook 2002 in which duplicate command-line parameters may be passed to the Outlook.exe file. An attacker could possibly use a specially crafted e-mail message to override the command-line parameters that are passed to Outlook.exe with arbitrary command-line parameters and run malicious code on your computer.

RESOLUTION

To resolve this problem, use one of the following methods, depending on your situation:
  • Install Microsoft Office XP Service Pack 3 (SP3).

    For additional information about Office XP SP3, click the following article number to view the article in the Microsoft Knowledge Base:

    832671 Description of Microsoft Office XP Service Pack 3

  • Install the administrative version of the Microsoft Outlook 2002 Security Patch: KB828040 that is described in the following article in the Microsoft Knowledge Base:

    828040 Outlook 2002 Security Patch: March 9, 2004

WORKAROUND

To work around this problem, configure Outlook 2002 to use a different home page than the Outlook Today home page. The Outlook Today home page is the default view that Microsoft Outlook uses if Outlook is not configured to use an e-mail account. To configure Outlook 2002 to use a different home page than the Outlook Today home page:
  1. Start Outlook 2002 (if it is not already started).
  2. On the View menu, click Folder List.
  3. Under Folder List, right-click the Outlook Today folder, and then click Properties for Outlook Today.
  4. Click the Home Page tab.
  5. In the Address box, specify the home page that you want to display for the Outlook Today folder. To do so, type the Uniform Resource Locator (URL) of the Web page or the path of the document that you want to use as the home page for the Outlook Today folder. Or, click Browse, locate the document or the Web page that you want to use, and then click OK.
  6. Click OK.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section of this article.

Modification Type: Major
Last Reviewed: 3/9/2004
Keywords: kbBug kbfix KB838440 kbAudITPRO kbAudEndUser