Microsoft Outlook 2003 - Predictable File Location

EDB-ID:

24101




Platform:

Windows

Date:

2004-05-10


source: https://www.securityfocus.com/bid/10307/info

Microsoft Outlook 2003 is reported to be prone to store files that are specified in img tags, in predictable locations. 

This may present a security risk because many known (and potential) Internet Explorer vulnerabilities depend on the attacker being able to directly reference malicious content on a victim system. Given both the ability to place such content on the file system and reference it specifically by location, exploitation of many browser-based vulnerabilities becomes possible.

<img src="malware.htm" style="display:none">