Incorrect MIME Header Can Cause Internet Explorer to Execute Email

Reported March 29, 2001, by Microsoft.

 

VERSIONS AFFECTED

  • Internet Explorer 5.01 and 5.5

DESCRIPTION

By modifying the MIME header in the email message, a malicious attacker can cause Internet Explorer (IE) to automatically launch attachments. An attacker can instigate such an attack by embedding a malicious email message in a Web site, or by sending email directly to a user. 

VENDOR RESPONSE

Microsoft has issued security bulletin MS01-020 and a fix to address this vulnerability.

CREDIT
Discovered by Juan Carlos Cuartango.
TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish