Title: Microsoft Outlook / Outlook Express Cache Bypass Vulnerability
Severity: MODERATE
Description:
The Internet Explorer security architecture, which handles all incoming HTML processing whether it arrives via email or the web, controls the cache of Outlook / Outlook Express. Under normal circumstances, all incoming HTML email with inline data should be downloaded to the cache and opened with the Internet Zone security setting. Through certain methods, a user could send an HTML email with an inline file to a remote system, where the file would be downloaded outside the Outlook / Outlook Express cache to a known location and handled with the Local Computer Zone security setting, which has considerably higher privileges than the Internet Zone.
If the email recipient were misled into opening the file, the remote user would be able to gain read access on the system. Coupled with other types of attacks, this vulnerability could lead to the placement of executables on the recipient's system.
Affected Products:
- Microsoft Outlook 2000 0.0.0
- Microsoft Outlook 97 0.0.0
- Microsoft Outlook 98 0.0.0