5458 matches found
Special DOS-device access in Microsoft Outlook Express
It's possible to hang Outlooks Express by using prn: device as a name for bgsound or iframe. It's also possible to send data to special device...
Microsoft Outlook Express 5.5 - Denial of Service Device Denial of Service
source: https://www.securityfocus.com/bid/4584/info A denial of service issue has been reported in Microsoft Outlook Express. Reportedly, Outlook Express does not adequately handle unusually crafted HTML mail messages. Modifying the BGSOUND or IFRAME tag to contain a URL pointing to a DOS device,...
w00w00 on Microsoft IE/Office for Mac OS
w00w00 http://www.w00w00.org Angry Packet Security http://sec.angrypacket.com Vulnerability in Multiple Microsoft Products for Mac OS HTML format: http://www.w00w00.org/advisories/msmacos.html Text format: http://www.w00w00.org/files/advisories/msmacos.txt SOFTWARE VERSIONS AFFECTED Microsft...
More fun with html mail: Outlook Express, Internet Explorer, Other etc
Sunday, April 14, 2002 1. Not Possible Technically it cannot be possible to create an html mail message from a mailto url scheme without user input. However shoe-horning html in through insertion of script tags does make it possible. Default installation of Outlook Express and probably Outlook, i...
Outlook Express Attach Execution Exploit (img tag + innerHTML + TIF dos name)
Using some informations posted on Bugtraq in this week, I found a very simple way to exploit "download&execution" of an .EXE file, directly from Outlook Express. This is my report: When an HTML page attached into a message, is started, it runs in the security zone of "Temporary Internet Files" TI...
HELP.dropper: IE6, OE6, Outlook...lookOut
Thursday, 28 March, 2002 Silent delivery and installation of an executable on a target computer. No client input other than opening an email or newsgroup post or web site. This can be accomplished with the default installation of Internet Explorer 6.0, Outlook Express 6.0 and probably Outlook and...
Cisco IOS discloses fragments of previous packets when Express Forwarding is enabled
Overview A vulnerability exists in multiple versions of Cisco's Internetworking Operating System IOS software that allows an attacker to collect fragments of previously processed packets. Description Many networking devices running Cisco IOS with Cisco Express Forwarding CEF enabled contain a...
Cisco Security Advisory: Data Leak with Cisco Express Forwarding
-----BEGIN PGP SIGNED MESSAGE----- Cisco Security Advisory: Data Leak with Cisco Express Forwarding Enabled Revision 1.0 For Public Release 2002 February 27 08:00 UTC -0800 - -------------------------------------------------------------------------- Summary ======= All Cisco devices running Cisco...
Data Leak with Cisco Express Forwarding Enabled
...
CVE-2001-0945
CVE-2001-0945 describes a buffer overflow in Outlook Express 5.0–5.02 for Macintosh triggered by an email message containing a long line, allowing remote attackers to cause a denial of service. The underlying issue is a buffer overflow in handling long lines; impact is a denial of service with pa...
CVE-2001-0999
Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script...
CVE-2001-0999
CVE-2001-0999 concerns Outlook Express 6.00, where remote attackers could cause arbitrary script execution by embedding SCRIPT tags in a message with MIME type text/plain. This contradicts the expected behavior that text/plain messages do not run scripts. The available references (NVD, CVE List) ...
CVE-2001-0945
Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line...
CVE-2001-1547
Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code...
Переполнение буфера в Outlook Express for Macintosh (buffer overflow)
Переполнение буфера при длинной строке в письме...
Buffer over flow on Outlook express for Macintosh
--------------------------------------------------------------------- Buffer over flow on Outlook express for Macintosh Problem first discoverd:2001.7.26 Discoverd by: awacs@hawkeye Published: 2001.12.03 --------------------------------------------------------------------- Description: Outlook...
CVE-2001-0945
Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line...
Проблемы с Secure Password Authentication в Outlook Express (weak encryption)
Авторизацию в Outlook Expres можно использовать для доступа к корпоративным ресурсам...
Outlook Express and SPA (Secure Password Authentication)
Topic: Outlook Express and SPA Secure Password Authentication Author: 3APA3A Affected Software: Internet Explorer 5.5, 6.0 Vendor: Microsoft Status: Informational 1. Background: Outlook Express doesn't support CRAM-MD5 or APOP and there is only one way to authenticate user on POP3/IMAP/SMTP serve...
Outlook Express and SPA (Secure Password Authentication)
Topic: Outlook Express and SPA Secure Password Authentication Author: 3APA3A [email protected] Affected Software: Internet Explorer 5.5, 6.0 Vendor: Microsoft Status: Informational 1. Background: Outlook Express doesn't support CRAM-MD5 or APOP and there is only one way to authenticate user...