CVE-2004-2482
Description
Microsoft Outlook 2000/2003 with Word as email editor mishandles OBJECT tags, enabling automatic download and potential remote code execution via forwarded email.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Microsoft Outlook 2000 and Outlook 2003, when configured to use Microsoft Word 2000 or Word 2003 as the e-mail editor, improperly handle an opening OBJECT tag that lacks a corresponding closing OBJECT tag. The flaw is triggered when the message is forwarded. The vulnerability is documented in Secunia advisory [1].
Exploitation
An attacker can exploit this vulnerability by sending a crafted email containing an OBJECT tag with a missing closing tag. When the recipient forwards the email, Outlook automatically processes the malformed tag and downloads the URI specified in the data attribute of the OBJECT tag. No additional user interaction beyond forwarding is required. The attacker does not need authentication or special network position; the email must be delivered to and forwarded by the victim.
Impact
Successful exploitation allows the attacker to execute arbitrary code on the victim's machine with the privileges of the logged-in user. This can lead to complete compromise of the affected system, including disclosure of sensitive information, modification of data, or installation of malware.
Mitigation
Microsoft has released security updates to address this issue. Users should apply the latest service packs or patches for Outlook and Word, or disable the use of Word as the e-mail editor as a workaround. As of the publication date, no KEV listing is applicable. Users are advised to upgrade to a supported version of Office that includes the fix.
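A mail-gateway style check for the malformed markup described under Exploitation, as an added example that is not part of the original entry or of any Microsoft tooling: it parses a raw message and reports the data value of every OBJECT start tag that has no matching end tag. The class and function names and both sample messages are constructed for illustration, and Python's html.parser only approximates how Word parses the markup.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser

class ObjectTagAudit(HTMLParser):
    """Tracks OBJECT start tags that never receive a matching end tag."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.open_objects = []  # data= values of OBJECT tags still open

    def handle_starttag(self, tag, attrs):
        if tag == "object":  # html.parser lowercases tag and attribute names
            self.open_objects.append(dict(attrs).get("data") or "")

    def handle_endtag(self, tag):
        if tag == "object" and self.open_objects:
            self.open_objects.pop()

def find_unclosed_objects(raw_message: bytes) -> list:
    """Return the data= value of every unclosed OBJECT tag in HTML parts."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        audit = ObjectTagAudit()
        audit.feed(part.get_content())
        audit.close()
        findings.extend(audit.open_objects)  # whatever is left was never closed
    return findings

def _sample(html: str) -> bytes:
    """Build a constructed multipart/alternative message for the demo."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("plain text alternative")
    m.add_alternative(html, subtype="html")
    return m.as_bytes()

# Constructed inputs: one unclosed OBJECT, one properly closed.
SUSPECT = _sample('<p>hello</p><object data="http://example.invalid/x"><p>bye</p>')
BENIGN = _sample('<p>hello</p><object data="cid:logo"></object>')

if __name__ == "__main__":
    print("suspect:", find_unclosed_objects(SUSPECT))
    print("benign:", find_unclosed_objects(BENIGN))
```

A non-empty result is a reason to quarantine or strip the HTML part before the message reaches a client that uses Word as its editor.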
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4
Patches
0. No patches discovered yet.
References
5
News mentions
0. No linked articles in our index yet.