Back to search
CVE-2006-2055
Published: Apr 26, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2006-1538
vdb-entry
x_refsource_VUPEN
20060424 Multiple browsers Windows mailto protocol Office 2003 file attachment exploit
mailing-list
x_refsource_BUGTRAQ
office-mailto-obtain-information(26118)
vdb-entry
x_refsource_XF
19819
third-party-advisory
x_refsource_SECUNIA
25003
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now