VULHUB ™

Microsoft Outlook introduces a vulnerability that may allow attackers to execute arbitrary commands on a target system. The vulnerability is due to a new ActiveX control called 'Microsoft Outlook View Control'. The flaw is that this control is marked 'safe for scripting' when it should not be. It is therefore accessible by scripts. Scripts can execute commands without user knowledge or consent.

Microsoft Outlook introduces a vulnerability that may allow attackers to execute arbitrary commands on a target system. The vulnerability is due to a new ActiveX control called 'Microsoft Outlook View Control'. The flaw is that this control is marked 'safe for scripting' when it should not be. It is therefore accessible by scripts. Scripts can execute commands without user knowledge or consent.