Skip navigation
Menu
Collaboration>Email and Calendaring

MHTML Arbitrary Code Execution in Microsoft Outlook Express

Reported April 23, 2003, by Microsoft.

 

 

VERSIONS AFFECTED

 

·         Microsoft Outlook Express 6.0 and 5.5

 

DESCRIPTION

 

A vulnerability in Microsoft Outlook Express 6.0 and 5.5 can result in the execution of arbitrary code on the vulnerable system. This vulnerability is a result of flaw in the Mime Encapsulation of Aggregate HTML (MHTML) URL Handler. To exploit this vulnerability, an attacker can construct a URL and either host it on a Web site or send it by email. In the Web-based scenario, when a user clicks the site-hosted URL, the attacker can then read or launch files already present on the local machine.

 

VENDOR RESPONSE

Microsoft has released Security Bulletin MS03-014, "Cumulative Patch for Outlook Express (330994)," to address this vulnerability and recommends that affected users immediately apply the patch mentioned in the bulletin.

 

CREDIT                                                                                                       

Discovered by Microsoft.

TAGS: Security
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
zoom logo
Zoom Releases New AI-Powered Collaboration Platform—Zoom Workspace—Plus Other Updates
Mar 26, 2024
person working from home using smart phone and notebook computer
Monitoring Employee Productivity, Balance Surveillance with Transparency
Jan 03, 2024
zoom logo on screens of laptop and smartphone device.jpg
At Zoomtopia, Small Businesses Share Transformation Stories
Oct 12, 2023
zoom logo
Zoom Unveils Docs, Upgrades Contact Center Offerings
Oct 03, 2023