5458 matches found
O UT LO OK E XPRE SS 6 .00 : broken
Saturday, February 22, 2003 Technical silent delivery and installation of an executable no client input other than reading an email or viewing a newsgroup message. Outlook Express 6.00 SP1 Cumulative Pack 1 2 3 4 whatever. This should not be possible. When viewing an email message or a newsgroup...
CVE-2002-2202
Outlook Express 6.0 does not delete messages from dbx files, even when a user empties the Deleted items folder, which allows local users to read other users email...
CVE-2002-1169
IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service crash via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash...
CVE-2002-1168
Cross-site scripting XSS vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" CRLF sequence, which echoes the Location as an HTTP...
CVE-2002-1167
Cross-site scripting XSS vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request...
CVE-2002-1179
Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message...
CVE-2002-1167
Cross-site scripting XSS vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request...
CVE-2002-1168
CVE-2002-1168 describes a cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26. An attacker can force the server to echo a CRLF-containing Location header (%0a%0d) in HTTP responses, allowing script execution in the context of anothe...
CVE-2002-1167
IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x prior to 4.0.1.26 is affected by a cross-site scripting (XSS) vulnerability that allows remote attackers to execute scripts as other users via an HTTP GET request. The connected documents confirm the affected product and method but do not p...
CVE-2002-1168
Cross-site scripting XSS vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" CRLF sequence, which echoes the Location as an HTTP...
Outlook Express Remote Code Execution in Preview Pane (S/MIME)
Outlook Remote Code Execution in Preview Pane S/MIME ------------------------------------------------------------------------ Article reference: http://www.securiteam.com/windowsntfocus/6D00B005PU.html SUMMARY The S/MIME standard attempts to raise the level of trust of email messages by enabling...
Security Bulletin MS02-058: Unchecked Buffer in Outlook Express S/MIME Parsing Could Enable System Compromise (Q328676)
---------------------------------------------------------------------- Title: Unchecked Buffer in Outlook Express S/MIME Parsing Could Enable System Compromise Q328676 Date: 10 October 2002 Software: Outlook Express Impact: Run code of attacker's choice. Max Risk: Critical Bulletin: MS02-058...
Outlook Express S/MIME buffer voerflow
Buffer overflow on certificate warning window...
Microsoft Java implementation allows execution of malicious code
Overview A class in Microsoft's Java virtual machine VM does not properly validate trusted applets, allowing untrusted applets to exploit native methods and execute arbitrary code. Description Microsoft's Java VM is installed on Windows 98, NT, 2000, and xp. It is used by Internet Explorer and...
Microsoft Outlook Express 5.56.0 - SMIME Buffer Overflow
Microsoft Outlook Express 5.56.0 - SMIME Buffer Overflow source: https://www.securityfocus.com/bid/5944/info Microsoft Outlook Express contains an unchecked buffer in the code that generates warning messages when certain error conditions associated with digital signatures are encountered. Executi...
Microsoft Outlook Express 5.5/6.0 - S/MIME Buffer Overflow
source: https://www.securityfocus.com/bid/5944/info Microsoft Outlook Express contains an unchecked buffer in the code that generates warning messages when certain error conditions associated with digital signatures are encountered. Execution of arbitrary code in the security context of the curre...
Bypassing SMTP Content Protection with a Flick of a Button
Bypassing SMTP Content Protection with a Flick of a Button ------------------------------------------------------------------------ Article reference: http://www.securiteam.com/securitynews/5YP0A0K8CM.html SUMMARY Forget underground hacking tools. How about using Outlook Express as your attack...
PT-2002-1876 · Microsoft · Outlook Express For Mac +3
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions 98 through XP Office for Mac affected versions not specified Internet Explorer for Mac affected versions not specified Outlook Express for Mac affected versions not specified Description: The issue concerns the...
Alleged Outlook Express 56 Link - Denial of Service
Alleged Outlook Express 56 Link - Denial of Service source: https://www.securityfocus.com/bid/5682/info Reportedly, when decoding a HTML email, Outlook Express will stop responding upon encountering a link longer than 4095 characters. It is not confirmed why this behaviour occurs...
Alleged Outlook Express 5/6 Link - Denial of Service
source: https://www.securityfocus.com/bid/5682/info Reportedly, when decoding a HTML email, Outlook Express will stop responding upon encountering a link longer than 4095 characters. It is not confirmed why this behaviour occurs...