Microsoft Outlook and Outlook Express are reported to be prone to store various files, which may contain attacker-supplied content, in predictable locations.
This may present a security risk because many known (and potential) Internet Explorer vulnerabilities depend on the attacker being able to directly reference malicious content on a victim system. Given both the ability to place such content on the file system and reference it specifically by location, exploitation of many browser-based vulnerabilities becomes possible. Other securiy consequences also exist, such as disclosure of Address Book contents.
Workaround:
Users should apply the Outlook E-Mail Security Update to mitigate some possible attack vectors for exploitation of these weaknesses in concert with other vulnerabilities. It should be noted that this will not mitigate all possible attacks but will provide a heightened level of security against attacks launched via HTML e-mail.
ublished Feb 20, 2004
updated Feb 20, 2004
vulnerable Microsoft Outlook 2000 SP3
Microsoft Outlook 2000 SP2
Microsoft Outlook 2000
Microsoft Outlook 2002 SP2
Microsoft Outlook 2002 SP1
Microsoft Outlook 2002
Microsoft Outlook 2003
Microsoft Outlook Express 4.0 1 SP2
Microsoft Outlook Express 4.0
Microsoft Outlook Express 4.27.3110
Microsoft Outlook Express 4.72.2106
Microsoft Outlook Express 4.72.3120
Microsoft Outlook Express 4.72.3612
Microsoft Outlook Express 5.0 1
Microsoft Outlook Express 5.0
Microsoft Outlook Express 5.5
Microsoft Outlook Express 6.0
http://www.securityfocus.com/bid/9709/info/

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic