Cumulative Patch for Outlook Express

By Thomas McGuire on April 23, 2003, 2:02 PM
A vulnerability exists in the MHTML URL Handler that allows any file that can be rendered as text to be opened & rendered as part of a page in Internet Explorer. As a result, it would be possible to construct a URL that referred to a text file that was stored on the local computer & have that file render as HTML. If the text file contained script, that script would execute when the file was accessed. Since the file would reside on the local computer, it would be rendered in the Local Computer Security Zone. Files that are opened within the Local Computer Zone are subject to fewer restrictions than files opened in other security zones.

Affected Software:
Microsoft Outlook Express 5.5
Microsoft Outlook Express 6.0

Patch availability
Microsoft Outlook Express

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.