Outlook Express provides several components that are used both by it
and Outlook, if Outlook is installed on the machine. One such
component, used to process vCards, contains an unchecked buffer.
By creating a vCard and editing it to contain specially chosen data,
then sending it to another user, an attacker could cause either of
two effects to occur if the recipient opened it. In the less serious
case, the attacker could cause the mail client to fail. If this
happened, the recipient could resume normal operation by restarting
the mail client and deleting the offending mail. In the more serious
case, the attacker could cause the mail client to run code of her
choice on the user´s machine. Such code could take any desired
action, limited only by the permissions of the recipient on the
machine.
Read more/Download
and Outlook, if Outlook is installed on the machine. One such
component, used to process vCards, contains an unchecked buffer.
By creating a vCard and editing it to contain specially chosen data,
then sending it to another user, an attacker could cause either of
two effects to occur if the recipient opened it. In the less serious
case, the attacker could cause the mail client to fail. If this
happened, the recipient could resume normal operation by restarting
the mail client and deleting the offending mail. In the more serious
case, the attacker could cause the mail client to run code of her
choice on the user´s machine. Such code could take any desired
action, limited only by the permissions of the recipient on the
machine.
Read more/Download