Reported April 25, 2002, by Microsoft.
Microsoft Outlook 2002
Microsoft Outlook 2000
A vulnerability exists in Microsoft Outlook 2002 and Outlook 2000 that can let an attacker execute arbitrary script under the user’s security context on the vulnerable computer. This vulnerability stems from a difference between the security settings that Outlook applies when displaying an email and those that apply when editing one. When Outlook displays an HTML-formatted email, Outlook applies Microsoft Internet Explorer’s (IE's) security zone settings, which prevent the system from running scripts. But if the user replies to or forwards this email and has selected Microsoft Word as the email editor, Outlook opens the message in Word, configured as the editor for creating email messages, and Outlook doesn't block scripts in this mode. An attacker can exploit this vulnerability by sending a specially malformed HTML email containing a script to an Outlook user who has Word enabled as the email editor. If the user replies to or forwards the email, the script runs and can take any action the user can take.
Discovered by Microsoft.
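Because the display-time zone restrictions described above do not carry over into the editing path, a defender cannot rely on the mail client alone to neutralise script in an HTML message. The following is an added example, not Microsoft's code or anything from the original bulletin: a small Python gateway-style scanner that walks the MIME parts of a message, parses each text/html body, and reports the constructs an editor or browser would execute (script elements, on* event-handler attributes and javascript: URLs). The function names (`scan_message`, `find_active_content`, `verdict`) and the two sample messages are constructed for this example.

```python
"""Flag script-bearing HTML mail parts before they reach a mail client.

Added example (not Microsoft's code). Parses the HTML body of a MIME
message and lists the active-content constructs that would run if the
body were handed to an unrestricted editor. Sample messages below are
constructed for this example.
"""
from email import message_from_string
from html.parser import HTMLParser
from typing import List, Tuple

Finding = Tuple[str, str]  # (category, location), e.g. ("event-handler", "p@onmouseover")


class ScriptFinder(HTMLParser):
    """Collect script elements, on* attributes and javascript: URLs."""

    URL_ATTRS = ("href", "src", "action")

    def __init__(self) -> None:
        super().__init__()
        self.findings: List[Finding] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        # HTMLParser already lower-cases tag names.
        if tag == "script":
            self.findings.append(("script-element", tag))
        for name, value in attrs:
            lname = name.lower()
            if lname.startswith("on"):
                self.findings.append(("event-handler", f"{tag}@{lname}"))
            elif lname in self.URL_ATTRS and value:
                # Strip whitespace that is sometimes used to disguise the scheme.
                scheme = value.strip().lower().replace(" ", "")
                if scheme.startswith("javascript:"):
                    self.findings.append(("javascript-url", f"{tag}@{lname}"))


def find_active_content(html: str) -> List[Finding]:
    """Return every active-content construct found in an HTML string."""
    parser = ScriptFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


def scan_message(raw: str) -> List[Finding]:
    """Scan all text/html parts of an RFC 822 message."""
    msg = message_from_string(raw)
    findings: List[Finding] = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        payload = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "utf-8"
        findings.extend(find_active_content(payload.decode(charset, errors="replace")))
    return findings


def verdict(raw: str) -> str:
    """Policy decision for a gateway: quarantine any message carrying script."""
    return "quarantine" if scan_message(raw) else "deliver"


# Constructed sample: an HTML message carrying all three construct types.
SAMPLE_MAIL = """\
From: sender@example.test
To: user@example.test
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p onmouseover="alert(1)">hover</p>
<a href="javascript:alert(2)">link</a>
<script>alert(3)</script>
</body></html>
"""

# Constructed sample: a benign HTML message.
CLEAN_MAIL = """\
From: sender@example.test
To: user@example.test
Subject: constructed clean sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Plain <b>formatted</b> text and a <a href="https://example.test/">link</a>.</p></body></html>
"""

if __name__ == "__main__":
    for label, mail in (("sample", SAMPLE_MAIL), ("clean", CLEAN_MAIL)):
        print(label, verdict(mail), scan_message(mail))
```

The scanner is deliberately conservative: it flags constructs rather than trying to rewrite them, because the point of the bulletin is that the rendering context (display versus Word-based edit) decides whether script runs, and a gateway cannot know which context the recipient will use.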