Microsoft KB Archive/249793

From BetaArchive Wiki
Knowledge Base

Article ID: 249793

Article Last Modified on 11/6/2003


  • Microsoft Outlook 2000 Standard Edition

This article was previously published under Q249793


When you open an attachment in an Outlook item, the temporary file for the attachment is created in a known folder, presenting a possible security problem. For example, someone could use this knowledge to start programs on your computer without your permission.


To resolve this problem, obtain Microsoft Office 2000 Service Release 1/1a (SR-1/SR-1a).

To obtain SR-1/SR-1a, click the article number below to view the article in the Microsoft Knowledge Base:

245025 OFF2000: How to Obtain and Install Microsoft Office 2000 Service Release 1/1a (SR-1/SR-1a)


Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was corrected in Microsoft Office 2000 SR-1/SR-1a.


Microsoft Outlook Service Release 1 uses a new process to determine the location to which temporary files are written. When Outlook needs to create a temporary file (such as opening or inserting an attachment), it checks the following Windows registry key:


If there is a value named OutlookSecureTempFolder in that key, and it points to a valid file system path, then outlook uses that path to create the temporary files. If there is no OutlookSecureTempFolder value, then Outlook creates a new randomly named folder under the "Temporary Internet Files" system folder, and then creates and sets the registry value to point to the new folder. The value is not actually created until the first time that a temporary file needs to be created.

Since this value is in the HKEY_CURRENT_USER hive, the temporary folder will be different for each different user of the machine. To force Outlook to use a specific folder for temporary files, create or modify the OutlookSecureTempFolder registry value to point to the folder. Note that the path information for the OutlookSecureTempFolder value should be entered with a trailing backslash. For example:




Additional query words: OL2K temp directory

Keywords: kbbug kbfix KB249793