header-logo
Suggest Exploit
vendor:
Outlook Express
by:
SecurityFocus
7.5
CVSS
HIGH
Security Policy Bypass
264
CWE
Product Name: Outlook Express
Affected Version From: Microsoft Outlook Express 5.5
Affected Version To: Microsoft Outlook Express 6.0
Patch Exists: YES
Related CWE: N/A
CPE: a:microsoft:outlook_express
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

Microsoft Outlook Express Security Policy Bypass Vulnerability

Microsoft Outlook Express is reported prone to a security policy bypass vulnerability. The vulnerability presents itself if an attached image file is referenced using a specially crafted CID URI. This will result in a policy bypass because the image will be automatically rendered when the email is viewed in Outlook Express.

Mitigation:

Ensure that all images are scanned for malicious content before being rendered.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11447/info

Microsoft Outlook Express is reported prone to a security policy bypass vulnerability.

The vulnerability presents itself if an attached image file is referenced using a specially crafted CID URI.

This will result in a policy bypass because the image will be automatically rendered when the email is viewed in Outlook Express.

<CENTER><IMG SRC="CID:{F69034DE-F779-4AA2-B5A9-
7413133C2A29}/malware.JPG"></CENTER>

Navigation

Suggest Exploit

Services By CQR