Outlook Express Exposes User Mail

Outlook Express Exposes User Mail
Reported July 20 by Microsoft

VERSIONS AFFECTED

Microsoft Outlook Express 4.0 through 5.01

DESCRIPTION

By sending an unsuspecting user a specifically craft HTML message, a remote user could extract information from an Outlook Express mail preview pane and send that content to an offsite location for review.

VENDOR RESPONSE

Microsoft issued FAQ# FQ00-045 regarding this problem along with a patch and Support Online article Q267884, which also pertain to security issues MS00-043 and MS00-046.

Microsoft"s bulletin states that "this vulnerability can be eliminated by taking any of the following actions:

Installing the patch available at
http://www.microsoft.com/windows/ie/download/critical/patch9.htm

Performing a default installation of Internet Explorer 5.01 Service Pack 1,
http://www.microsoft.com/Windows/ie/download/ie501sp1.htm.

Performing a default installation of Internet Explorer 5.5
(http://www.microsoft.com/windows/ie/download/ie55.htm)
on any system except Windows 2000.

Note: The patch requires IE 4.01 SP2 (http://www.microsoft.com/windows/ie/download/ie401sp2.htm) or IE 5.01 (http://www.microsoft.com/windows/ie/download/ie501.htm) to install. Customers who install this patch on versions other than these may receive a message reading "This update does not need to be installed on this system". This message is incorrect. More information is available in KB article Q267884"

CREDIT
Discovered by Microsoft

Comments

Plain text