5458 matches found
Microsoft Outlook Express 56 - MHTML URL Handler File Rendering
Microsoft Outlook Express 56 - MHTML URL Handler File Rendering source: https://www.securityfocus.com/bid/5473/info Microsoft Outlook Express introduced a URL handler called MHTML MIME Encapsulation of Aggregate HTML. This allows Internet Explorer to pass MHTML files to Outlook Express for...
Microsoft Outlook Express 5/6 - MHTML URL Handler File Rendering
source: https://www.securityfocus.com/bid/5473/info Microsoft Outlook Express introduced a URL handler called MHTML MIME Encapsulation of Aggregate HTML. This allows Internet Explorer to pass MHTML files to Outlook Express for rendering. The MHTML URL handler does not validate the file type it is...
Microsoft Outlook Express 6 - .XML File Attachment Script Execution
Microsoft Outlook Express 6 - .XML File Attachment Script Execution source: https://www.securityfocus.com/bid/5350/info An error has been reported in Microsoft Outlook Express which may allow malicious XML file attachments to execute arbitrary code in the context of the local system. Code executi...
Microsoft Outlook Express 6 - '.XML' File Attachment Script Execution
source: https://www.securityfocus.com/bid/5350/info An error has been reported in Microsoft Outlook Express which may allow malicious XML file attachments to execute arbitrary code in the context of the local system. Code execution could occur when the file attachment is opened, without further...
Microsoft Outlook Express 56 - Spoofable File Extensions
Microsoft Outlook Express 56 - Spoofable File Extensions source: https://www.securityfocus.com/bid/5277/info It is possible for a malicious user, sending email via a mail agent capable of manipulating the MIME headers, to spoof file extensions for users of Outlook Express. For example, an .exe fi...
Microsoft Outlook Express 5/6 - Spoofable File Extensions
source: https://www.securityfocus.com/bid/5277/info It is possible for a malicious user, sending email via a mail agent capable of manipulating the MIME headers, to spoof file extensions for users of Outlook Express. For example, an .exe file can be made to look like a .txt or other seemingly...
CVE-2002-0637
InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass virus protection via e-mail messages with headers that violate RFC specifications by having or missing space characters in unexpected places aka "space gap", such as 1 Content-Type :", 2 "Content-Transfer-Encoding :", 3 no spac...
CVE-2001-1088
Affected products: Microsoft Outlook 8.5 and earlier; Outlook Express 5 and earlier. Vulnerability: When the option “Automatically put people I reply to in my address book” is enabled, the client does not notify the user if the reply-to address differs from the from address, enabling a remote att...
CVE-2002-0339
Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding CEF enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length...
Cisco IOS Cisco Express Forwarding (CEF) Previous Packet Information Disclosure (CSCdu20643)
If the remote device has Cisco Express Forwarding CEF enabled, it may leak information from previous packets that have been handled by the device. An attacker may use this flaw to sniff your network remotely. This vulnerability is documented as Cisco Bug ID CSCdu20643. C Tenable Network Security,...
CVE-2002-0285
Outlook Express 5.5 and 6.0 on Windows treats a carriage return "CR" in a message header as if it were a valid carriage return/line feed combination CR/LF, which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only...
Re: dH team & SECURITY.NNOV: special device access, information leakage and DoS in Outlook Express
At Wednesday 5/15/2002 03:11 PM +0400, you wrote: Title: Special device access and DoS in Microsoft Internet Exporer/Outlook Express/Outlook All versions of Windows have a reserved filenames referred to special devices such as prn, aux, nul, etc also called DOS devices. This might be related to a...
dH team & SECURITY.NNOV: special device access, information leakage and DoS in Outlook Express
Русская версия этой advisory приведена ниже. Original version of this advisory: http://www.security.nnov.ru/advisories/msiedos.asp Title: Special device access and DoS in Microsoft Internet Exporer/Outlook Express/Outlook Authors: ERRor, 3APA3A Date: May, 14 2002 Affected: Internet Explorer 6.0...
Special device access and DoS in Microsoft Internet Exporer
Title: special device access and DoS in Microsoft Internet Exporer/Outlook Express/Outlook Authors: ERRor, 3APA3A Date: May, 14 2002 Affected: Internet Explorer 6.0 Vendor: Microsoft Risk: Average to high Remote: Yes Exploitable: Yes Vendor notified: April, 24 2002 Intro: All versions of Windows...
CVE-2002-0285
Outlook Express 5.5 and 6.0 on Windows treats a carriage return "CR" in a message header as if it were a valid carriage return/line feed combination CR/LF, which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only...
CVE-2002-0285
Outlook Express 5.5 and 6.0 on Windows is affected. A CR in a message header is treated as a valid CR/LF, allowing header splitting that can bypass virus protection and other filters by sending a mail message whose headers contain only the CR, which causes Outlook to create separate headers. Root...
CVE-2001-1325
Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets XSL that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host WSH...
CVE-2001-1325
CVE-2001-1325 affects Internet Explorer 5.0/5.5 and Outlook Express 5.0/5.5. The vulnerability allows remote script execution when Active Scripting is disabled if scripts are embedded in XML stylesheets (XSL) loaded via an IFRAME, potentially tied to Windows Scripting Host (WSH). OpenVAS findings...
Special DOS device DoS against Microsoft Outlook Express
Summary: ======== Affected: Outlook Express 5.5, 6.0 with all fixes Not tested: Microsoft Outlook Vendor: Microsoft Risk: Average Remote: Yes Exploitable: Yes Description: ========== Outlook Express hangs on HTML message with BGSOUND or IFRAME tag pointing to special device. Outlook Express will...
Microsoft Outlook Express 5.5 - Denial of Service Device Denial of Service
Microsoft Outlook Express 5.5 - Denial of Service Device Denial of Service source: https://www.securityfocus.com/bid/4584/info A denial of service issue has been reported in Microsoft Outlook Express. Reportedly, Outlook Express does not adequately handle unusually crafted HTML mail messages...