|
Outlook Express File Download Security Restriction Bypass
|
|
Secunia Advisory:
|
SA8841
|
|
|
Release Date:
|
2003-05-26
|
|
Popularity:
|
11,486 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Security Bypass
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Microsoft Outlook Express 6
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
A vulnerability has been identified in Outlook Express, which can be exploited to bypass the file download security restriction.
It is possible to download a file in Outlook Express even though it has been configured to run in Internet Explorer's "Restricted Zone" and file downloads have been disabled.
The vulnerability can be exploited by constructing a special email. When viewed, the email will fetch an URL, which invokes a certain media file (eg. ".asf"). This will open Windows Media Player to play the media file. Script features in this can then open Internet Explorer and fetch an URL referencing a malicious file thereby circumventing the file download restriction.
NOTE: This vulnerability does not allow automatic download and execution of a file but presents the user with a download dialog box.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
