Microsoft Outlook mailto Command Line Switch Injection
12 Mar. 2008
Summary
Microsoft Outlook provides "an integrated solution for managing and organizing e-mail messages, schedules, tasks, notes, contacts, and other information". Remote exploitation of an input validation error in the handling of "mailto" URIs by Microsoft Corp.'s Outlook may allow arbitrary code execution.
Vulnerable Systems:
* Microsoft Outlook 2007 on Windows XP SP2
It is possible to construct a "mailto" URI which causes the web browser to pass extra command line switches to Outlook. These switches can modify Outlook's account configuration.
Analysis:
Exploitation of this vulnerability may allow an attacker to access sensitive information or take complete control of an affected system. In order to exploit this vulnerability, an attacker would have to convince a user to view an attacker-controlled website.
Workaround:
Disabling the "mailto" URI handler will prevent exploitation of this vulnerability. However, doing so will also disable e-mail links within all applications.
