COMMAND

    media

SYSTEMS AFFECTED

    Outlook 2000, Windows Media Player 7

PROBLEM

    Following is based on a USSR Advisory USSR-2000053.  The USSR Team
    has found a problem in the Windows Media Player 7 ActiveX control,
    which  could  be  used  in  a  denial  of  service  attack against
    RTF-enabled  e-mail  clients  such  as  Outlook  2000  and Outlook
    Express.

    If the affected control were programmatically embedded into an RTF
    mail and then sent to  another user, the user's mail  client would
    fail when he closed/moved the mail.

    Malformed WMP Embedded RTF/Email Spawner:

        Windows Console Version: http://www.ussrback.com/wmp/wmpoutlook.exe
        Windows Console Version Source: http://www.ussrback.com/wmp/wmpoutlook.zip

SOLUTION

    Fix:

        http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24421