5506 matches found
CVE-2001-1547
Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code...
Buffer over flow on Outlook express for Macintosh
--------------------------------------------------------------------- Buffer over flow on Outlook express for Macintosh Problem first discoverd:2001.7.26 Discoverd by: awacs@hawkeye Published: 2001.12.03 --------------------------------------------------------------------- Description: Outlook...
Переполнение буфера в Outlook Express for Macintosh (buffer overflow)
Переполнение буфера при длинной строке в письме...
CVE-2001-0945
Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line...
Проблемы с Secure Password Authentication в Outlook Express (weak encryption)
Авторизацию в Outlook Expres можно использовать для доступа к корпоративным ресурсам...
Outlook Express and SPA (Secure Password Authentication)
Topic: Outlook Express and SPA Secure Password Authentication Author: 3APA3A Affected Software: Internet Explorer 5.5, 6.0 Vendor: Microsoft Status: Informational 1. Background: Outlook Express doesn't support CRAM-MD5 or APOP and there is only one way to authenticate user on POP3/IMAP/SMTP serve...
Outlook Express and SPA (Secure Password Authentication)
Topic: Outlook Express and SPA Secure Password Authentication Author: 3APA3A [email protected] Affected Software: Internet Explorer 5.5, 6.0 Vendor: Microsoft Status: Informational 1. Background: Outlook Express doesn't support CRAM-MD5 or APOP and there is only one way to authenticate user...
CVE-1999-1016
Microsoft HTML control as used in 1 Internet Explorer 5.0, 2 FrontPage Express, 3 Outlook Express 5, and 4 Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service 100% CPU consumption via large HTML form fields such as text inputs in a table cell...
CVE-2001-0999
Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script...
CVE-1999-1033
Affected product: Microsoft Outlook Express prior to 4.72.3612.1700. Root cause: parsing of a message containing .. can cause Outlook to re-enter POP3 command mode. Impact: POP3 session hang (partial availability). Evidence: description and records in CVE-1999-1033 family. Remediation: apply patc...
CVE-1999-1033
Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause Outlook to re-enter POP3 command mode and cause the POP3 session to hang...
Большая дырка в Outlook Express (E-mail execution)
Можно заставить Outlook Express выполнить файл прикрепленный к письму указав тип MIME подразумевающий его немедленное открытие например поточное видео. Кроме того, имеются переполнения буфера. Имя файла обрезается до определенной позиции, что позволяет обойти защиту, используя безопасное...
OE6 + VBS + WSH + WIN200 + XP + HTML.DROPPER
We're examining resubmitting to bugtraq html.dropper now updated to in include an .exe http://www.securityfocus.com/bid/2260 - apparently the manufacturer didn't consider the original submission worthy of fixing as the same problem has been carried over to Outlook Express 6.00. On a default insta...
Выполнение кода в Outlook Express 6.00 (code execution)
Несмотря на установки зон безопасности можно запустить на выполнение внедренный в письмо .exe-файл используя его как SRC для фрейма...
Outlook Express 6 - Attachment Security Bypass
Outlook Express 6 - Attachment Security Bypass source: https://www.securityfocus.com/bid/3271/info Microsoft Outlook Express 6 contains a new security feature which prevents users from opening potentially harmful file attachments. A vulnerability exists which allows a file embedded within an HTML...
carol clickme: Outlook Express 6.00
Wednesday, August 29, 2001 Trivial file attachment execution on the new Outlook Express 6.00 mail and news client. This can be achieved with an amount of engineering and all new so-called security features enabled. The manufacturer http://www.microsoft.com has done a splendid job so farof beefing...
Outlook Express 6 - Attachment Security Bypass
source: https://www.securityfocus.com/bid/3271/info Microsoft Outlook Express 6 contains a new security feature which prevents users from opening potentially harmful file attachments. A vulnerability exists which allows a file embedded within an HTML frame in an email message to bypass the...
CVE-2001-1088
Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof...
Microsoft Outlook 9798200045 - Address Book Spoofing
Microsoft Outlook 9798200045 - Address Book Spoofing source: https://www.securityfocus.com/bid/2823/info Outlook Express is the standard e-mail client that is shipped with Microsoft Windows 9x/ME/NT. The address book in Outlook Express is normally configured to make entries for all addresses that...
Microsoft Outlook 97/98/2000/4/5 - Address Book Spoofing
source: https://www.securityfocus.com/bid/2823/info Outlook Express is the standard e-mail client that is shipped with Microsoft Windows 9x/ME/NT. The address book in Outlook Express is normally configured to make entries for all addresses that are replied to by the user of the mail client. An...