5506 matches found
Microsoft Java implementation allows execution of malicious code
Overview A class in Microsoft's Java virtual machine VM does not properly validate trusted applets, allowing untrusted applets to exploit native methods and execute arbitrary code. Description Microsoft's Java VM is installed on Windows 98, NT, 2000, and xp. It is used by Internet Explorer and...
Microsoft Outlook Express 5.56.0 - SMIME Buffer Overflow
Microsoft Outlook Express 5.56.0 - SMIME Buffer Overflow source: https://www.securityfocus.com/bid/5944/info Microsoft Outlook Express contains an unchecked buffer in the code that generates warning messages when certain error conditions associated with digital signatures are encountered. Executi...
Microsoft Outlook Express 5.5/6.0 - S/MIME Buffer Overflow
source: https://www.securityfocus.com/bid/5944/info Microsoft Outlook Express contains an unchecked buffer in the code that generates warning messages when certain error conditions associated with digital signatures are encountered. Execution of arbitrary code in the security context of the curre...
Bypassing SMTP Content Protection with a Flick of a Button
Bypassing SMTP Content Protection with a Flick of a Button ------------------------------------------------------------------------ Article reference: http://www.securiteam.com/securitynews/5YP0A0K8CM.html SUMMARY Forget underground hacking tools. How about using Outlook Express as your attack...
PT-2002-1876 · Microsoft · Outlook Express For Mac +3
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions 98 through XP Office for Mac affected versions not specified Internet Explorer for Mac affected versions not specified Outlook Express for Mac affected versions not specified Description: The issue concerns the...
Alleged Outlook Express 56 Link - Denial of Service
Alleged Outlook Express 56 Link - Denial of Service source: https://www.securityfocus.com/bid/5682/info Reportedly, when decoding a HTML email, Outlook Express will stop responding upon encountering a link longer than 4095 characters. It is not confirmed why this behaviour occurs...
Alleged Outlook Express 5/6 Link - Denial of Service
source: https://www.securityfocus.com/bid/5682/info Reportedly, when decoding a HTML email, Outlook Express will stop responding upon encountering a link longer than 4095 characters. It is not confirmed why this behaviour occurs...
Microsoft Outlook Express 56 - MHTML URL Handler File Rendering
Microsoft Outlook Express 56 - MHTML URL Handler File Rendering source: https://www.securityfocus.com/bid/5473/info Microsoft Outlook Express introduced a URL handler called MHTML MIME Encapsulation of Aggregate HTML. This allows Internet Explorer to pass MHTML files to Outlook Express for...
Microsoft Outlook Express 5/6 - MHTML URL Handler File Rendering
source: https://www.securityfocus.com/bid/5473/info Microsoft Outlook Express introduced a URL handler called MHTML MIME Encapsulation of Aggregate HTML. This allows Internet Explorer to pass MHTML files to Outlook Express for rendering. The MHTML URL handler does not validate the file type it is...
Microsoft Outlook Express 6 - .XML File Attachment Script Execution
Microsoft Outlook Express 6 - .XML File Attachment Script Execution source: https://www.securityfocus.com/bid/5350/info An error has been reported in Microsoft Outlook Express which may allow malicious XML file attachments to execute arbitrary code in the context of the local system. Code executi...
Microsoft Outlook Express 6 - '.XML' File Attachment Script Execution
source: https://www.securityfocus.com/bid/5350/info An error has been reported in Microsoft Outlook Express which may allow malicious XML file attachments to execute arbitrary code in the context of the local system. Code execution could occur when the file attachment is opened, without further...
Microsoft Outlook Express 56 - Spoofable File Extensions
Microsoft Outlook Express 56 - Spoofable File Extensions source: https://www.securityfocus.com/bid/5277/info It is possible for a malicious user, sending email via a mail agent capable of manipulating the MIME headers, to spoof file extensions for users of Outlook Express. For example, an .exe fi...
Microsoft Outlook Express 5/6 - Spoofable File Extensions
source: https://www.securityfocus.com/bid/5277/info It is possible for a malicious user, sending email via a mail agent capable of manipulating the MIME headers, to spoof file extensions for users of Outlook Express. For example, an .exe file can be made to look like a .txt or other seemingly...
CVE-2002-0637
InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass virus protection via e-mail messages with headers that violate RFC specifications by having or missing space characters in unexpected places aka "space gap", such as 1 Content-Type :", 2 "Content-Transfer-Encoding :", 3 no spac...
CVE-2001-1088
Affected products: Microsoft Outlook 8.5 and earlier; Outlook Express 5 and earlier. Vulnerability: When the option “Automatically put people I reply to in my address book” is enabled, the client does not notify the user if the reply-to address differs from the from address, enabling a remote att...
CVE-2002-0339
Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding CEF enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length...
Cisco IOS Cisco Express Forwarding (CEF) Previous Packet Information Disclosure (CSCdu20643)
If the remote device has Cisco Express Forwarding CEF enabled, it may leak information from previous packets that have been handled by the device. An attacker may use this flaw to sniff your network remotely. This vulnerability is documented as Cisco Bug ID CSCdu20643. C Tenable Network Security,...
CVE-2002-0285
Outlook Express 5.5 and 6.0 on Windows treats a carriage return "CR" in a message header as if it were a valid carriage return/line feed combination CR/LF, which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only...
Re: dH team & SECURITY.NNOV: special device access, information leakage and DoS in Outlook Express
At Wednesday 5/15/2002 03:11 PM +0400, you wrote: Title: Special device access and DoS in Microsoft Internet Exporer/Outlook Express/Outlook All versions of Windows have a reserved filenames referred to special devices such as prn, aux, nul, etc also called DOS devices. This might be related to a...
dH team & SECURITY.NNOV: special device access, information leakage and DoS in Outlook Express
Русская версия этой advisory приведена ниже. Original version of this advisory: http://www.security.nnov.ru/advisories/msiedos.asp Title: Special device access and DoS in Microsoft Internet Exporer/Outlook Express/Outlook Authors: ERRor, 3APA3A Date: May, 14 2002 Affected: Internet Explorer 6.0...