Outlook/Outlook Express NULL character DoS

Client hangs on POP3 receiving if message contains NULL character...

MS-Windows ME IE/Outlook/HelpCenter critical vulnerability

-- Summary -- From the Microsoft Security Bulletin MS03-006: " A security vulnerability is present in the Windows Me version of Help and Support Center .... An attacker could exploit the vulnerability by constructing a URL that, when clicked on by the user, would execute code of the attacker's...

Microsoft Outlook2000Express 6.0 - Arbitrary Program Execution

Microsoft Outlook2000Express 6.0 - Arbitrary Program Execution source: https://www.securityfocus.com/bid/6923/info Microsoft Outlook and Outlook Express may execute arbitrary programs through objects embedded in HTML email messages. When an email message or newsgroup message is viewed using...

CVE-2001-0145

Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field...

Microsoft Virtual Machine - Arbitrary Java Codebase Execution

Microsoft Virtual Machine - Arbitrary Java Codebase Execution source: https://www.securityfocus.com/bid/1812/info An attacker may gain read access on remote systems by specifying a custom codebase in a Java applet, and delivering to the victims via HTML email or a website. Any arbitrary codebase...

Очередная дырка в Internet Explorer/Outlook

Вызов GetObject позволяет обратиться к любому локальному файлу. SCRIPT alert"This script reads C:TEST.TXTnYou may need to create it"; a=GetObject"c:test.txt","htmlfile"; setTimeout"alerta.body.innerText;",2000; /SCRIPT...