HTML Mail Attachment Vulnerability
A security vulnerability exists in the Microsoft® Outlook Express mail client for Macintosh systems. The vulnerability could allow attachments to HTML mails to be automatically downloaded onto the user's computer.
Issue
There are two issues here. The first is a security vulnerability found in Outlook Express 5. By design, when an HTML mail is received, the mail content is downloaded onto the user's machine and processed. However, attachments to the mail should not be downloaded unless the user requests it. A flaw in Outlook Express 5 for Macintosh causes it to download all content, including attachments. The vulnerability does not provide a way for a malicious user to launch the downloaded attachments.
The second issue involves several digital certificates that are included in Internet Explorer 4.5 for Macintosh. These certificates are due to expire on December 31, 1999. The patch provides updated certificates, and also adds support for X509 V3 certificates. There is no security vulnerability associated with this issue; Microsoft is simply providing the replacement certificates and X.509 V3 support as a community service.
Affected Products
- Internet Explorer 4.5 and 5.0 for Macintosh
Download
Patch: http://www.microsoft.com/mac/download
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: December 22, 1999
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
| More Guides » | Registry Guide | Support Forums | Software Guide | Scripting Guide | Search |


