Reported April 23, 2003, by Microsoft.
VERSIONS AFFECTED
· Microsoft Outlook Express 6.0 and 5.5
DESCRIPTION
A vulnerability in Microsoft Outlook Express 6.0 and 5.5 can result in the execution of arbitrary code on the vulnerable system. This vulnerability is the result of a flaw in the MIME Encapsulation of Aggregate HTML (MHTML) URL Handler. To exploit this vulnerability, an attacker can construct a URL and either host it on a Web site or send it by email. In the Web-based scenario, when a user clicks the site-hosted URL, the attacker can then read or launch files already present on the local machine.
VENDOR RESPONSE
Microsoft has released Security Bulletin MS03-014, "Cumulative Patch for Outlook Express (330994)," to address this vulnerability and recommends that affected users immediately apply the patch mentioned in the bulletin.
CREDIT
Discovered by Microsoft.
MHTML Arbitrary Code Execution in Microsoft Outlook Express