Microsoft Outlook Express 4.x/5.x/6.0 Plaintext Email Security Policy Bypass Vulnerability

2004-10-18T00:00:00
ID EDB-ID:24687
Type exploitdb
Reporter http-equiv
Modified 2004-10-18T00:00:00

Description

Microsoft Outlook Express 4.x/5.x/6.0 Plaintext Email Security Policy Bypass Vulnerability. Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/11447/info

Microsoft Outlook Express is reported prone to a security policy bypass vulnerability.

The vulnerability presents itself if an attached image file is referenced using a specially crafted CID URI.

This will result in a policy bypass because the image will be automatically rendered when the email is viewed in Outlook Express.

<CENTER><IMG SRC="CID:{F69034DE-F779-4AA2-B5A9-
7413133C2A29}/malware.JPG"></CENTER>