Outlook and IE for Mac - 22 Dec 1999

Outlook and IE for Mac

Reported December 22, 1999 by

Outlook 5.0 for Macintosh
  • Internet Explorer 4.5 for Macintosh

    According to Microsoft"s bulletin on the matter, "By design, when an HTML mail is received, the mail content is downloaded onto the user"s machine and processed. However, attachments to the mail should not be downloaded unless the user requests it. A flaw in Outlook Express 5 for Macintosh causes it to download all content, including attachments. The vulnerability does not provide a way for a malicious user to launch the downloaded attachments."

    "The second issue involves several digital certificates that are included in Internet Explorer 4.5 for Macintosh. These certificates are due to expire on December 31, 1999. The patch provides updated certificates, and also adds support for X509 V3 certificates. There is no security vulnerability associated with this issue; Microsoft is simply providing the replacement certificates and X.509 V3 support as a community service."

    "It is important to note that both the security vulnerability and the certificate expiration issue affect only Outlook Express and Internet Explorer on the Macintosh; the Windows versions of these products are not affected."


    Microsoft released a patch, a FAQ, and a Support Online article regarding this matter.

    Discovered by

    Hide comments


    • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

    Plain text

    • No HTML tags allowed.
    • Web page addresses and e-mail addresses turn into links automatically.
    • Lines and paragraphs break automatically.