Microsoft Outlook Express Loading of Arbitrary Web Content
http://secunia.com/advisories/11607/
Release Date: 2004-05-14
Critical: Less critical
Impact: Security Bypass
Where: From remote
Software: Microsoft Outlook Express 6
Description:
http-equiv has reported a vulnerability in Microsoft Outlook Express,
allowing malicious people (e.g. spammers and phishers) to load arbitrary
content into the email client.
The problem is that Outlook Express normally prevents loading of content
from external ressources, however, by creating a "BASE HREF" with target
set to "_top" it is possible to make Outlook Express function as a
browser. This effectively allows spammers and others to bypass content and
spam filters if they can get the user to click the link.
No other security implications has currently been reported due to this
error.
Reportedly Microsoft Outlook Express 6 is affected. Other versions may
also be affected.
Solution:
Filter HTML based emails.
Tella A LA P.ta CALLE y sus perros tambien
Últimos mensajes - Powered by IBM
Palabras claves
Hacer una pregunta
Siga el debate
Tengo una respuesta
Martes 16 de abril - 06:57
Registrar
Leer las respuestas