Vendor: Outlook Express
By: Malware.com
CVSS: 7.5 (HIGH)
CWE: 79 (Cross-site scripting)
Product Name: Outlook Express
Affected Version From: Microsoft Outlook Express 5.5
Affected Version To: Microsoft Outlook Express 6.0
Patch Exists: Yes
Related CWE: N/A
CPE: a:microsoft:outlook_express
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2003

Re-introduced Weakness in Microsoft Outlook Express

It has been reported that a weakness may have been re-introduced into Microsoft Outlook Express. According to the source, the issue described in Bugtraq ID 3334 had been fixed by Microsoft but appears to have resurfaced. An attacker can exploit this vulnerability by crafting an HTML email that carries JavaScript code in the 'dynsrc' attribute of an 'img' tag, together with HTML code in a 'font' tag. When the email is viewed, the code is executed in the context of the user's browser.

Mitigation:

Microsoft has released a patch to address this issue.
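
A mail-gateway check for the pattern described above, as an added example that is not part of the original advisory or of any vendor code: it walks every text part of a message, whatever subtype it declares, and flags URL-type attributes whose value starts with a script scheme. The attribute list beyond 'dynsrc', the 'vbscript:' scheme and all function names are assumptions made for illustration; the sample is constructed from the message shown on this page.

```python
import email
import re
from email import policy
from html.parser import HTMLParser

# URL-bearing attributes to inspect; dynsrc is the one this page describes,
# the others are an assumed extension of the same check.
URL_ATTRS = {"dynsrc", "src", "lowsrc", "href", "background"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:")
# Browsers drop tabs and newlines inside URLs; removing every control
# character and space before matching is a deliberately stricter assumption.
_IGNORED = re.compile(r"[\x00-\x20]+")


class ScriptUrlFinder(HTMLParser):
    """Collects (tag, attribute, value) for each script-scheme URL attribute."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases names and decodes entities in attribute values.
        for name, value in attrs:
            if name in URL_ATTRS and value is not None:
                if _IGNORED.sub("", value).lower().startswith(SCRIPT_SCHEMES):
                    self.findings.append((tag, name, value))


def scan_message(raw: bytes):
    """Scan all text/* parts; the declared subtype is reported, not trusted."""
    findings = []
    for part in email.message_from_bytes(raw, policy=policy.default).walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True) or b""
        finder = ScriptUrlFinder()
        # latin-1 maps every byte, so a bad charset label cannot abort the scan.
        finder.feed(body.decode("latin-1"))
        finder.close()
        findings.extend((part.get_content_type(), *f) for f in finder.findings)
    return findings


# Constructed sample modelled on the message shown on this page.
SAMPLE = (b"MIME-Version: 1.0\r\nContent-Type: text/plain;\r\n"
          b"Content-Transfer-Encoding: 7bit\r\n\r\n"
          b"<img dynsrc=javascript:alert()><font color=red>foo\r\n")
```

Scanning parts declared as text/plain matters here because the sample message on this page carries its markup under that content type.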

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8281/info

It has been reported that a weakness may have been re-introduced into Microsoft Outlook Express. According to the source, the issue described in Bugtraq ID 3334 had been fixed by Microsoft but appears to have resurfaced. 

It should be noted that Symantec has no record of the original issue being fixed. This record will be updated as more information becomes available.

MIME-Version: 1.0
Content-Type: text/plain;
Content-Transfer-Encoding: 7bit
X-Source: 25.07.03 http://www.malware.com

<img dynsrc=javascript:alert()><font color=red>foo