Description
An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.LaunchURL() Javascript function.
Products
- Microsoft Outlook 2002
- Microsoft Outlook 2002 sp1
- Microsoft Outlook 2002 sp2
- Microsoft Outlook 2002 Service Pack 3
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2002-0481, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2002-0481 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References