By sending an unsuspecting user a specifically craft HTML message, a remote user could extract information from an Outlook Express mail preview pane and send that content to an offsite location for review. VENDOR RESPONSE Microsoft issued FAQ# FQ00-045 regarding this problem along with a patch and Support Online article Q267884, which also pertain to security issues MS00-043 and MS00-046. Microsoft"s bulletin states that "this vulnerability can be eliminated by taking any of the
following actions: Note: The patch requires IE 4.01 SP2 (http://www.microsoft.com/windows/ie/download/ie401sp2.htm)
or IE 5.01 (http://www.microsoft.com/windows/ie/download/ie501.htm)
to install. Customers who install this patch on versions other than these may receive a
message reading "This update does not need to be installed on this system". This
message is incorrect. More information is available in KB article Q267884" CREDIT |
Outlook Express Exposes User Mail
0 comments
Hide comments