457 matches found
Microsoft Outlook 5.5/2000 - Web Access HTML Attachment Script Execution
source: https://www.securityfocus.com/bid/8113/info OWA contains a vulnerability that may result in attacker-supplied script code executing within the context of the mail interface when processing e-mail containing HTML message attachments. It is possible to prevent filtering of the attachment by...
Microsoft Outlook 5.52000 - Web Access HTML Attachment Script Execution
Microsoft Outlook 5.52000 - Web Access HTML Attachment Script Execution source: https://www.securityfocus.com/bid/8113/info OWA contains a vulnerability that may result in attacker-supplied script code executing within the context of the mail interface when processing e-mail containing HTML messa...
Microsoft Outlook2000Express 6.0 - Arbitrary Program Execution
Microsoft Outlook2000Express 6.0 - Arbitrary Program Execution source: https://www.securityfocus.com/bid/6923/info Microsoft Outlook and Outlook Express may execute arbitrary programs through objects embedded in HTML email messages. When an email message or newsgroup message is viewed using...
Microsoft Outlook2000/Express 6.0 - Arbitrary Program Execution
source: https://www.securityfocus.com/bid/6923/info Microsoft Outlook and Outlook Express may execute arbitrary programs through objects embedded in HTML email messages. When an email message or newsgroup message is viewed using Outlook, a temporary object is created in the Internet Explorer cach...
O UT LO OK E XPRE SS 6 .00 : broken
Saturday, February 22, 2003 Technical silent delivery and installation of an executable no client input other than reading an email or viewing a newsgroup message. Outlook Express 6.00 SP1 Cumulative Pack 1 2 3 4 whatever. This should not be possible. When viewing an email message or a newsgroup...
CVE-2002-2108
Unknown vulnerability in the "VAIO Manual" software in certain Sony VAIO personal computers sold from November 2001 to January 2002, allows remote attackers to modify data via a web page or HTML e-mail...
CVE-2002-2100
Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content...
CVE-2002-2313
Eudora email client 5.1.1, with "use Microsoft viewer" enabled, allows remote attackers to execute arbitrary programs via an HTML email message containing a META refresh tag that references an embedded .mhtml file with ActiveX controls that execute a second embedded program, which is processed by...
Alleged Outlook Express 56 Link - Denial of Service
Alleged Outlook Express 56 Link - Denial of Service source: https://www.securityfocus.com/bid/5682/info Reportedly, when decoding a HTML email, Outlook Express will stop responding upon encountering a link longer than 4095 characters. It is not confirmed why this behaviour occurs...
Alleged Outlook Express 5/6 Link - Denial of Service
source: https://www.securityfocus.com/bid/5682/info Reportedly, when decoding a HTML email, Outlook Express will stop responding upon encountering a link longer than 4095 characters. It is not confirmed why this behaviour occurs...
CVE-2001-0726
CVE-2001-0726 concerns Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server. The issue arises when OWA is used with Internet Explorer and fails to properly detect certain inline script in HTML emails, which can allow remote attackers to perform arbitrary actions on a user’s Exchange mailbox....
CVE-2001-0726
Outlook Web Access OWA in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message...
CVE-2002-0481
An interaction between Windows Media Player WMP and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS Windows Media Skin or other WMP media files, whose onload handlers execute the...
Microsoft MSN Messenger Chat Control contains a buffer overflow in "ResDLL" parameter
Overview Microsoft's MSN Chat is an ActiveX control for Microsoft Messenger, an instant messaging client. A buffer overflow exists in the ActiveX control that may permit a remote attacker to execute arbitrary code on the system with the privileges of the current user. Description A buffer overflo...
CVE-2001-1326
CVE-2001-1326 affects Eudora 5.1, where remote code execution is possible when the "Use Microsoft Viewer" option is on and the "allow executables in HTML content" option is off. An HTML email containing a form activated from an image spoofed as a link causes the user to execute the form and acces...
CVE-2001-1326
Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to...
guninski-53.txt
Georgi Guninski security advisory 53, 2002 More Office XP problems Systems affected: Office XP Risk: High Date: 31 March 2002 Legal Notice: This Advisory is Copyright c 2002 Georgi Guninski. You may distribute it unmodified. You may not modify it and distribute it or distribute parts of it withou...
How Outlook 2002 can still execute JavaScript in an HTML email message
Hello, Windows Media Player WMP reintroduces the ability to automatically execute JavaScript code from an HTML email message in Outlook 2002. JavaScript is disabled by default in Outlook 2002, because it can facilitate the creation of worms and other malicious code which is carried by HTML email...
CVE-2001-0365
In the provided records, CVE-2001-0365 affects Eudora before 5.1. The vulnerability arises when the email client is configured with “Use Microsoft Viewer” and “allow executables in HTML content” enabled, allowing a remote attacker to execute arbitrary code via an HTML email containing Javascript ...
CVE-2001-0538
CVE-2001-0538 describes a vulnerability in the Microsoft Outlook View ActiveX control used by Outlook 2002 and earlier. The flaw allows remote attackers to execute arbitrary code by presenting a malicious HTML email or web page that invokes the control, effectively running code with the caller’s ...