Microsoft Outlook Express 6 Plain Text Message Script Execution
Vulnerability
Microsoft Outlook Express 6 contains a vulnerability which allows an email message of
content-type 'text/plain' to execute specifically crafted scripting components.
It is important to note that Outlook Express 6 does not allow any scripting to be executed
by default. This security feature must be turned off in order to exploit this vulnerability.
Solution:A workaround is to disable scripting in Outlook Express.
bugtraq id
3334
class
Unknown
cve
CVE-MAP-NOMATCH
remote
Yes
local
No
published
September 12, 2001
updated
September 12, 2001
vulnerable
Microsoft Outlook Express 6.0
- Microsoft Windows ME
- Microsoft Windows 98se
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0SP6a
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP5
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP4
+ Microsoft Windows NT 4.0
- Microsoft Windows 2000 SP2
+ Microsoft Windows 2000
- Microsoft Windows 2000 SP1
+ Microsoft Windows 2000
- Microsoft Windows 2000