Microsoft Security Bulletin MS01-038
Outlook View Control Exposes Unsafe Functionality
Originally posted: July 12, 2001
Updated: June 13, 2003
Who should read this bulletin:
Customers using Microsoft® Outlook 2002, 2000, and 98.
Impact of vulnerability:
Outlook 2002: Run code of attacker's choice via either a web page or HTML e-mail. Previous versions: Manipulate user's folder view.
Customers using Outlook 2002 should apply the patch immediately. Customers using Outlook 2000 should consider applying the patch.
- Microsoft Outlook 2002
- Microsoft Outlook 2000
- Microsoft Outlook 98
- Microsoft Knowledge Base articles Q303833, Q303833, and Q303835 discussing this issue will be available approximately 24 hours after the release of this bulletin. Knowledge Base articles can be found on the Microsoft Online Support web site.
- Technical support is available from Microsoft Product Support Services. There is no charge for support calls associated with security patches.
Security Resources: The Microsoft TechNet Security Web Site provides additional information about security in Microsoft products.
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
- V1.0 (July 12, 2001): Bulletin Created.
- V2.0 (August 16, 2001): Bulletin updated to announce availability of patch.
- V2.1 (August 17, 2001): Bulletin updated to clarify the differing impact of the vulnerability on Outlook 2002 versus Outlook 2000 and 98.
- V2.2 (October 04, 2001): Bulletin updated to clarify the installation platforms and note that the patch can be installed on Outlook 2000 SR-1.
- V2.3 (June 13, 2003): Updated download links to Windows Update.