Microsoft Outlook Express Multiple Vulnerabilities

2005-07-12T00:00:00
ID SMNTC-14225
Type symantec
Reporter Symantec Security Response
Modified 2005-07-12T00:00:00

Description

Description

Microsoft has released an update to address various issues affecting Outlook Express 6.0 running on Windows XP. These issues may allow remote attackers to cause the client to crash or disclose sensitive information. Reportedly remote attackers may cause the client to crash by sending specially crafted email messages. Another issue allows the default news server account to be displayed when a user replies to 'watched' conversation threads from multiple computers. This BID will be updated when more details become available.

Technologies Affected

  • Microsoft Outlook Express 6.0
  • Microsoft Outlook Express 6.0 SP1
  • Microsoft Outlook Express 6.0 SP2

Recommendations

Run all software as a nonprivileged user with minimal access rights.
Running client applications as an unprivileged user with minimal access rights will limit the consequences of successful exploitation of latent vulnerabilities.

Do not accept communications that originate from unknown or untrusted sources.
Users should be wary of opening email messages that arrive unexpected, have suspicious properties, or originate from an unknown or suspicious source.

Microsoft has released an update to address this issue in Outlook Express 6.0 running on Microsoft Windows XP SP2.