62 matches found
HP ArcSight Enterprise Security Manager and Enterprise Security Manager Express Access Control Error Vulnerability
HP ArcSight ESM Enterprise Security Manager and ESM Express are both enterprise security management software with event correlation and security analysis capabilities from Hewlett Packard Enterprise HPE. The software collects, correlates and reports on enterprise-wide security events in real time...
CVE-2010-4442
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to the Kernel...
Microsoft Outlook Express S/MIME Buffer Overflow Vulnerability
Binary data 1291.prm...
Outlook Express .wab File Processing Overflow
Binary data 3510.prm...
MSOE Javascript Execution Vulnerability
Note: This vulnerability as well as several more can be found at http://www.greyhats.cjb.net Outlook Express Window Opener Script Execution Vulnerability Tested Microsoft Outlook Express version 6.0.2800.1123. Microsoft Windows XP sp2 Discussion Microsoft Outlook Express is prone to a vulnerabili...
MS Outlook Express Javascript Execution Vulnerability
Exploit for unknown platform in category remote exploits ===================================================== MS Outlook Express Javascript Execution Vulnerability ===================================================== From: To: Subject:MSOE Scripting Example Content-Type:text/html click here to...
Microsoft Outlook Express - Window Opener
Microsoft Outlook Express - Window Opener Example: Alright microsoft. Get your act together. Seriously, this is the 3rd version of this vulnerability and we can still cause a drag and drop event. Well anyway, to the people that don't design easily exploited software, simply click the link on the...
Microsoft Outlook Express MHTML Forced File Execution Vulnerability
Description A vulnerability has been discovered in Microsoft Outlook Express when handling MHTML file and res URIs that could lead to an unexpected file being downloaded and executed. The problem occurs due to the component failing to securely handle MHTML file URIs that reference a non-existent...
Microsoft Internet Explorer and Outlook Express MHTML rendering engine incorrectly executes script in Local Computer Zone
Overview There is an MHTML input validation vulnerability in Outlook Express that may lead to arbitrary command and code execution in the Local Computer Zone of a victim host. Description Microsoft systems use components of Microsoft Outlook Express to render MHTML MIME Encapsulation of Aggregate...
Restricted Zone: the OUTLOOK EXPRESS
Tuesday, 20 May, 2003 Silent delivery and installation of an executable on a target computer. No client input other than opening an email or newsgroup post. This can be achieved with the default setting of Outlook Express: RESTRICTED ZONE. Technically the following never worked, cannot work,...
O UT LO OK E XPRE SS 6 .00 : broken
Saturday, February 22, 2003 Technical silent delivery and installation of an executable no client input other than reading an email or viewing a newsgroup message. Outlook Express 6.00 SP1 Cumulative Pack 1 2 3 4 whatever. This should not be possible. When viewing an email message or a newsgroup...
Bypassing SMTP Content Protection with a Flick of a Button
Bypassing SMTP Content Protection with a Flick of a Button ------------------------------------------------------------------------ Article reference: http://www.securiteam.com/securitynews/5YP0A0K8CM.html SUMMARY Forget underground hacking tools. How about using Outlook Express as your attack...
Microsoft Outlook Express 56 - MHTML URL Handler File Rendering
Microsoft Outlook Express 56 - MHTML URL Handler File Rendering source: https://www.securityfocus.com/bid/5473/info Microsoft Outlook Express introduced a URL handler called MHTML MIME Encapsulation of Aggregate HTML. This allows Internet Explorer to pass MHTML files to Outlook Express for...
Microsoft Outlook Express 5/6 - Spoofable File Extensions
source: https://www.securityfocus.com/bid/5277/info It is possible for a malicious user, sending email via a mail agent capable of manipulating the MIME headers, to spoof file extensions for users of Outlook Express. For example, an .exe file can be made to look like a .txt or other seemingly...
CVE-2002-0285
Outlook Express 5.5 and 6.0 on Windows treats a carriage return "CR" in a message header as if it were a valid carriage return/line feed combination CR/LF, which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only...
CVE-2001-1325
Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets XSL that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host WSH...
Special DOS device DoS against Microsoft Outlook Express
Summary: ======== Affected: Outlook Express 5.5, 6.0 with all fixes Not tested: Microsoft Outlook Vendor: Microsoft Risk: Average Remote: Yes Exploitable: Yes Description: ========== Outlook Express hangs on HTML message with BGSOUND or IFRAME tag pointing to special device. Outlook Express will...
Большая дырка в Outlook Express (E-mail execution)
Можно заставить Outlook Express выполнить файл прикрепленный к письму указав тип MIME подразумевающий его немедленное открытие например поточное видео. Кроме того, имеются переполнения буфера. Имя файла обрезается до определенной позиции, что позволяет обойти защиту, используя безопасное...
Outlook Express 6 - Attachment Security Bypass
Outlook Express 6 - Attachment Security Bypass source: https://www.securityfocus.com/bid/3271/info Microsoft Outlook Express 6 contains a new security feature which prevents users from opening potentially harmful file attachments. A vulnerability exists which allows a file embedded within an HTML...
carol clickme: Outlook Express 6.00
Wednesday, August 29, 2001 Trivial file attachment execution on the new Outlook Express 6.00 mail and news client. This can be achieved with an amount of engineering and all new so-called security features enabled. The manufacturer http://www.microsoft.com has done a splendid job so farof beefing...