5458 matches found
CVE-1999-1033
Affected product: Microsoft Outlook Express prior to 4.72.3612.1700. Root cause: parsing of a message containing .. can cause Outlook to re-enter POP3 command mode. Impact: POP3 session hang (partial availability). Evidence: description and records in CVE-1999-1033 family. Remediation: apply patc...
CVE-1999-1016
Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell...
CVE-1999-1033
Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause Outlook to re-enter POP3 command mode and cause the POP3 session to hang...
CVE-2001-0999
Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script...
Big hole in Outlook Express (E-mail execution)
Outlook Express can be made to execute a file attached to a message by specifying a MIME type that implies the file is opened immediately, for example streaming video. In addition, there are buffer overflows. The file name is truncated at a certain position, which makes it possible to bypass the protection by using a safe...
OE6 + VBS + WSH + WIN200 + XP + HTML.DROPPER
We're examining resubmitting to bugtraq html.dropper now updated to include an .exe http://www.securityfocus.com/bid/2260 - apparently the manufacturer didn't consider the original submission worthy of fixing as the same problem has been carried over to Outlook Express 6.00. On a default insta...
Code execution in Outlook Express 6.00 (code execution)
Despite the security zone settings, an .exe file embedded in a message can be launched by using it as the SRC of a frame...
carol clickme: Outlook Express 6.00
Wednesday, August 29, 2001 Trivial file attachment execution on the new Outlook Express 6.00 mail and news client. This can be achieved with an amount of engineering and all new so-called security features enabled. The manufacturer http://www.microsoft.com has done a splendid job so far of beefing...
Outlook Express 6 - Attachment Security Bypass
Outlook Express 6 - Attachment Security Bypass source: https://www.securityfocus.com/bid/3271/info Microsoft Outlook Express 6 contains a new security feature which prevents users from opening potentially harmful file attachments. A vulnerability exists which allows a file embedded within an HTML...
Outlook Express 6 - Attachment Security Bypass
source: https://www.securityfocus.com/bid/3271/info Microsoft Outlook Express 6 contains a new security feature which prevents users from opening potentially harmful file attachments. A vulnerability exists which allows a file embedded within an HTML frame in an email message to bypass the...
CVE-2001-1088
Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof...
Microsoft Outlook 97/98/2000/4/5 - Address Book Spoofing
Microsoft Outlook 97/98/2000/4/5 - Address Book Spoofing source: https://www.securityfocus.com/bid/2823/info Outlook Express is the standard e-mail client that is shipped with Microsoft Windows 9x/ME/NT. The address book in Outlook Express is normally configured to make entries for all addresses that...
Microsoft Outlook 97/98/2000/4/5 - Address Book Spoofing
source: https://www.securityfocus.com/bid/2823/info Outlook Express is the standard e-mail client that is shipped with Microsoft Windows 9x/ME/NT. The address book in Outlook Express is normally configured to make entries for all addresses that are replied to by the user of the mail client. An...
SECURITY.NNOV: Outlook Express address book vulnerability
Issue : Outlook Express address book allows messages to be intercepted by 3rd party Date Released : 16 March 2001 Vendor Notified : 16 March 2001 Author : 3APA3A [email protected] Affected : Outlook Express 5.5SP1 and prior Discovered : 18 December 2000 by 3APA3A Remotely Exploitable : Yes...
iexslt.txt
[email protected] Georgi Guninski security advisory 43, 2001 XML scripting in IE, Outlook Express Systems affected: Internet Explorer 5.x - including full patched up to now though Microsoft cannot reproduce the problem on fully patched IE 5.x, Outlook Express probably Outlook have not tested...
CVE-2001-1325
Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH)...
Microsoft Internet Explorer 5.0/5.5 / OE 5.5 - XML Stylesheets Active Scripting
Microsoft Internet Explorer 5.0/5.5 / OE 5.5 - XML Stylesheets Active Scripting source: https://www.securityfocus.com/bid/2633/info A vulnerability exists in the handling of XML stylesheets in Internet Explorer and Outlook Express. If active scripting is disabled in all security zones, IE and OE wil...
Microsoft Internet Explorer 5.0/5.5 / OE 5.5 - XML Stylesheets Active Scripting
source: https://www.securityfocus.com/bid/2633/info A vulnerability exists in the handling of XML stylesheets in Internet Explorer and Outlook Express. If active scripting is disabled in all security zones, IE and OE will still allow script to run if it is contained in the stylesheet of an XML...
Microsoft Outlook Express address book vulnerability
Issue : Outlook Express address book allows messages to be intercepted by 3rd party Date Released : 16 March 2001 Vendor Notified : 16 March 2001 Affected : Outlook Express 5.5SP1 and prior Risk : Low/Average Discovered : 18 December 2000 by 3APA3A Remotely Exploitable : Yes Vendor URL :...
A subject line buffer overflow in Outlook Express (was Re: EML Content Spoofing and Informed Consent)
----- Original Message ----- From: "Dan Kaminsky" [email protected] To: [email protected] Sent: Wednesday, April 04, 2001 5:52 PM Subject: EML Content Spoofing and Informed Consent was: Re: MS patch Q292108 opens a vulnerability snip The short version of this: If I try to open a MP3 file...