Reported March 9, 2004, by Microsoft.
· Microsoft Office XP Service Pack 2 (SP2)
· Microsoft Office Outlook 2002 SP2
A vulnerability in Outlook 2002 can result in the execution of arbitrary code on the vulnerable system, under the Local Computer Zone. The parsing of specially crafted mailto URLs by Outlook 2002 causes this vulnerability.
Microsoft has released security bulletin MS04-009, "Vulnerability in Microsoft Outlook Could Allow Code Execution (828040)," to address this vulnerability and recommends that affected users immediately apply the appropriate patch listed in the bulletin.