Persistent Mail-Browser Link Vulnerability

A security vulnerability exists affecting Microsoft® Outlook Express which could allow a malicious user to send an email that would "read over the shoulder" of the recipient as he previews subsequent emails in Outlook Express.

Issue

By design, HTML mail can contain script, and among the actions such a script can take is to open a browser window that links back to the Outlook Express windows. Also by design, script in the browser window could read the HTML mail that is displayed in Outlook Express. However, a vulnerability results because the link could be made persistent. This could allow the browser window to retrieve the text of mails subsequently displayed in the preview pane, and relay it to the malicious user.

There are several significant restrictions on this vulnerability:

• Only the recipient could open the HTML mail that established the link.
• The attack would only persist until the user either closed the browser window that the HTML mail opened, or closed Outlook Express.
• The malicious user could only read mails that were displayed in the preview pane. If the preview pane feature were disabled, he could not read mails under any conditions.

The vulnerability is eliminated in Outlook Express 5.5, and customers who have installed it do not need to take any additional action. Outlook Express 5.5 is available as part of Internet Explorer 5.01 Service Pack 1, and, except when installed on Windows 2000, Internet Explorer 5.5. A patch is available for customers who prefer not to upgrade to Outlook Express 5.5.

Affected Products

• Microsoft Outlook Express 4.x & 5.x

Download

Patch: http://www.microsoft.com/windows/ie/download/critical/patch9.htm

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: June 20, 2000

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<