[V U L N E R A B L E] Outlook Express

14/05/2004 - 16:35 por PUNTO | Informe spam
Microsoft Outlook Express Loading of Arbitrary Web Content
http://secunia.com/advisories/11607/


Release Date: 2004-05-14

Critical: Less critical
Impact: Security Bypass
Where: From remote

Software: Microsoft Outlook Express 6

Description:
http-equiv has reported a vulnerability in Microsoft Outlook Express,
allowing malicious people (e.g. spammers and phishers) to load arbitrary
content into the email client.

The problem is that Outlook Express normally prevents loading of content
from external ressources, however, by creating a "BASE HREF" with target
set to "_top" it is possible to make Outlook Express function as a
browser. This effectively allows spammers and others to bypass content and
spam filters if they can get the user to click the link.

No other security implications has currently been reported due to this
error.

Reportedly Microsoft Outlook Express 6 is affected. Other versions may
also be affected.

Solution:
Filter HTML based emails.



Tella A LA P.ta CALLE y sus perros tambien

Preguntas similare

Leer las respuestas

#1 Marc [MVP Windows]
14/05/2004 - 17:41 | Informe spam
"<:>" escribió en el mensaje news:
Microsoft Outlook Express Loading of Arbitrary Web Content
http://secunia.com/advisories/11607/


Release Date: 2004-05-14

Critical: Less critical
Impact: Security Bypass
Where: From remote

Software: Microsoft Outlook Express 6

Description:
http-equiv has reported a vulnerability in Microsoft Outlook Express,
allowing malicious people (e.g. spammers and phishers) to load arbitrary
content into the email client.

The problem is that Outlook Express normally prevents loading of content
from external ressources, however, by creating a "BASE HREF" with target
set to "_top" it is possible to make Outlook Express function as a
browser. This effectively allows spammers and others to bypass content and
spam filters if they can get the user to click the link.

No other security implications has currently been reported due to this
error.

Reportedly Microsoft Outlook Express 6 is affected. Other versions may
also be affected.

Solution:
Filter HTML based emails.



Tella A LA P.ta CALLE y sus perros tambien

Respuesta Responder a este mensaje
#2 Marc [MVP Windows]
14/05/2004 - 17:41 | Informe spam
"<:>" escribió en el mensaje news:
Microsoft Outlook Express Loading of Arbitrary Web Content
http://secunia.com/advisories/11607/


Release Date: 2004-05-14

Critical: Less critical
Impact: Security Bypass
Where: From remote

Software: Microsoft Outlook Express 6

Description:
http-equiv has reported a vulnerability in Microsoft Outlook Express,
allowing malicious people (e.g. spammers and phishers) to load arbitrary
content into the email client.

The problem is that Outlook Express normally prevents loading of content
from external ressources, however, by creating a "BASE HREF" with target
set to "_top" it is possible to make Outlook Express function as a
browser. This effectively allows spammers and others to bypass content and
spam filters if they can get the user to click the link.

No other security implications has currently been reported due to this
error.

Reportedly Microsoft Outlook Express 6 is affected. Other versions may
also be affected.

Solution:
Filter HTML based emails.



Tella A LA P.ta CALLE y sus perros tambien

email Siga el debate Respuesta Responder a este mensaje
Ads by Google
Help Hacer una preguntaRespuesta Tengo una respuesta
Search Busqueda sugerida