|
|
|
|
|
| Report ID: | SA7272 |
| Source: | Secunia |
| Date of Discovery: | 10.10.2002 |
| Criticality: | Urgent |
| Affects: | Microsoft Outlook Express 5.5
Microsoft Outlook Express 6 |
| Compromise From: | From remote
|
| Compromise Type: | System access
|
|
|
Summary
|
Microsoft OutLook Express suffers a vulnerability allowing attackers to construct malicious S/MIME e-mails that may execute arbitrary code when viewed.
|
|
|
|
|
|
|
Detailed Description
|
Microsoft OutLook Express suffers a vulnerability allowing attackers to construct malicious S/MIME e-mails that may execute arbitrary code when viewed.
This vulnerability gives the attacker the rights of the logged in user. This vulnerability has the potential to be abused by malware like viruses.
This is exploitable regardless of the security settings in Outlook Express.
|
|
|
|
|
| Solution |
Microsoft has issued patches which should be applied as soon as possible:
Patch:
http://www.microsoft.com/windows/ie/downloads/critical/q328676/default.asp
It may be installed on:
The patch for Outlook Express 6.0 can be applied to systems running Outlook Express 6.0 Gold
The patch for Outlook Express 5.5 can be applied to systems running Outlook Express 5.5 Service Pack 2.
A fix for this issue is included in Service Pack 1 for Internet Explorer 6 and Service Pack 1 for Windows XP. |
|
|
|
|
| CVE Reference |
|
|
|
|
|
|
|
| F-Secure Corporation |
|
|
|
|
|
|
|
|
