[V U L N E R A B L E] Outlook Express

14/05/2004 - 16:35 by PUNTO
Microsoft Outlook Express Loading of Arbitrary Web Content
http://secunia.com/advisories/11607/


Release Date: 2004-05-14

Critical: Less critical
Impact: Security Bypass
Where: From remote

Software: Microsoft Outlook Express 6

Description:
http-equiv has reported a vulnerability in Microsoft Outlook Express,
allowing malicious people (e.g. spammers and phishers) to load arbitrary
content into the email client.

The problem is that Outlook Express normally prevents loading of content
from external resources, however, by creating a "BASE HREF" with target
set to "_top" it is possible to make Outlook Express function as a
browser. This effectively allows spammers and others to bypass content and
spam filters if they can get the user to click the link.

No other security implications have currently been reported due to this
error.

Reportedly Microsoft Outlook Express 6 is affected. Other versions may
also be affected.

Solution:
Filter HTML based emails.



Tella OUT ON THE F.ing STREET, and his dogs too
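
One way to apply the advisory's "Filter HTML based emails" advice at a mail gateway, as an added example that is not part of the original post or the Secunia advisory: it flags HTML parts carrying a `<base>` element with a remote `href`, and marks the `target="_top"` case separately. The function, rule names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser


class BaseTagFinder(HTMLParser):
    """Collect the attributes of every <base> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.bases = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, so <BASE HREF=...> matches.
        if tag == "base":
            self.bases.append({name: (value or "") for name, value in attrs})


def scan_message(raw):
    """Return (rule, href) findings for each text/html part of one message."""
    findings = []
    for part in message_from_string(raw, policy=default).walk():
        if part.get_content_type() != "text/html":
            continue
        finder = BaseTagFinder()
        finder.feed(part.get_content())
        finder.close()
        for attrs in finder.bases:
            href = attrs.get("href", "").strip()
            if not href.lower().startswith(("http://", "https://", "//")):
                continue  # not an absolute remote URL; ignored by this check
            top = attrs.get("target", "").strip().lower() == "_top"
            findings.append(("base-href-top" if top else "base-href-remote", href))
    return findings


# Constructed sample messages (not taken from the advisory).
HEADERS = (
    "From: sender@example.invalid\nTo: user@example.invalid\n"
    "Subject: constructed sample\nMIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n\n"
)
SAMPLE_FLAGGED = HEADERS + (
    '<html><head><BASE HREF="http://example.invalid/" TARGET="_top"></head>'
    '<body><a href="page.html">link</a></body></html>\n'
)
SAMPLE_CLEAN = HEADERS + "<html><body><p>hello</p></body></html>\n"

if __name__ == "__main__":
    print(scan_message(SAMPLE_FLAGGED))
    print(scan_message(SAMPLE_CLEAN))
```

A gateway could quarantine or convert to plain text any message for which `scan_message` returns a finding.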
 


#1 Marc [MVP Windows]
14/05/2004 - 17:41
"<:>" wrote in message news:
