Outlook Express Exposes User Mail

 
Outlook Express Exposes User Mail

Reported July 20 by Microsoft

VERSIONS AFFECTED
Microsoft Outlook Express 4.0 through 5.01

DESCRIPTION

By sending an unsuspecting user a specifically craft HTML message, a remote user could extract information from an Outlook Express mail preview pane and send that content to an offsite location for review.

VENDOR RESPONSE

Microsoft issued FAQ# FQ00-045 regarding this problem along with a patch and Support Online article Q267884, which also pertain to security issues MS00-043 and MS00-046.

Microsoft"s bulletin states that "this vulnerability can be eliminated by taking any of the following actions:

  • Installing the patch available at
    http://www.microsoft.com/windows/ie/download/critical/patch9.htm
  • Performing a default installation of Internet Explorer 5.01 Service Pack 1,
    http://www.microsoft.com/Windows/ie/download/ie501sp1.htm.
  • Performing a default installation of Internet Explorer 5.5
    (http://www.microsoft.com/windows/ie/download/ie55.htm)
    on any system except Windows 2000.

Note: The patch requires IE 4.01 SP2 (http://www.microsoft.com/windows/ie/download/ie401sp2.htm) or IE 5.01 (http://www.microsoft.com/windows/ie/download/ie501.htm) to install. Customers who install this patch on versions other than these may receive a message reading "This update does not need to be installed on this system". This message is incorrect. More information is available in KB article Q267884"

CREDIT
Discovered by Microsoft

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish