MS02-021: Word Mail Reply Arbitrary Script Execution (321804)
High Nessus Plugin ID 11325
SynopsisArbitrary code can be executed on the remote host through Word.
DescriptionOutlook 2000 and 2002 provide the option to use Microsoft Word as the email editor when creating and editing email in RTF or HTML.
There is a flaw in some versions of Word that could allow an attacker to execute arbitrary code when the user replies to a specially formed message using Word.
An attacker could use this flaw to execute arbitrary code on this host.
SolutionMicrosoft has released a set of patches for Office 2000 and 2002.