Reported April 23, 2003, by Microsoft.
· Microsoft Outlook Express 6.0 and 5.5
A vulnerability in Microsoft Outlook Express 6.0 and 5.5 can result in the execution of arbitrary code on the vulnerable system. This vulnerability is a result of flaw in the Mime Encapsulation of Aggregate HTML (MHTML) URL Handler. To exploit this vulnerability, an attacker can construct a URL and either host it on a Web site or send it by email. In the Web-based scenario, when a user clicks the site-hosted URL, the attacker can then read or launch files already present on the local machine.
Discovered by Microsoft.