Alert: Microsoft Security Bulletin MS04-013 - Cumulative Security Update for Outlook Express (837009)
From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 04/14/04
- Previous message: Russ: "Alert: Microsoft Security Bulletin MS04-012 - Cumulative Update for Microsoft RPC/DCOM (828741)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 14 Apr 2004 08:08:31 -0400 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Microsoft Security Bulletin MS04-013:
Cumulative Security Update for Outlook Express (837009)
Bulletin URL:
<http://www.microsoft.com/technet/security/bulletin/MS04-013.mspx>
Summary:
Version Number: 1.0
Revision Date: April 13, 2004
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Patch(es) Replaced: This bulletin replaces MS03-014: Cumulative Update
for Outlook Express, and any prior Cumulative Security Update for
Outlook Express.
Caveats: None
Revisions:
* v1.0 - Tuesday, April 13, 2004: Bulletin published
Tested Software:
Affected Software:
* Microsoft Windows NT. Workstation 4.0 Service Pack 6a
* Microsoft Windows NT Server 4.0 Service Pack 6a
* Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack
6
* Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000
Service Pack 3, Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP and Microsoft Windows XP Service Pack 1
* Microsoft Windows XP 64-Bit Edition Service Pack 1
* Microsoft Windows XP 64-Bit Edition Version 2003
* Microsoft Windows Server 2003
* Microsoft Windows Server 2003 64-Bit Edition
* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (ME) - Review the FAQ section of
this bulletin for details about these operating systems.
Affected Components:
* Microsoft Outlook Express 5.5 SP2:
<http://www.ntbugtraq.com/link/88d8f9dc-589a-4ce5-bb04-ccedcb8addba.asp>
* Microsoft Outlook Express 6:
<http://www.ntbugtraq.com/link/dceb332e-cae4-4743-b6ab-edc1cd625ae0.asp>
* Microsoft Outlook Express 6 SP1:
<http://www.ntbugtraq.com/link/925628bd-1b5f-4b21-8db6-ede1c73f97b5.asp>
* Microsoft Outlook Express 6 SP1 (64 bit Edition):
<http://www.ntbugtraq.com/link/dedba3ea-05ec-45af-8795-5f785d83ca77.asp>
* Microsoft Outlook Express 6 on Windows Server 2003:
<http://www.ntbugtraq.com/link/1c44fb27-6a9d-42ae-8e06-3adbb7896bcd.asp>
* Microsoft Outlook Express 6 on Windows Server 2003 (64 bit edition):
<http://www.ntbugtraq.com/link/c765e4f3-19a4-45cf-be99-28c136b14e30.asp>
Technical Description:
Executive Summary:
This is a cumulative update that includes the functionality of all the
previously-released updates for Outlook Express 5.5 and Outlook Express
6. Additionally, it eliminates a new vulnerability that could allow an
attacker who successfully exploited this vulnerability to access files
and to take complete control of the affected system. This could occur
even if Outlook Express is not used as the default e-mail reader on the
system.
MHTML URL Processing Vulnerability - CAN-2004-0380
This email is sent to NTBugtraq automagically as a service to my
subscribers. (v4.00.1564.10850)
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
-----
Earn up to 10 credit course hours toward the TruSecure ICSA Practitioner (TICSA) Credential and receive a TICSA exam coupon by attending the Infosecurity Canada 2004 conference. Featured speaker, Marcus J. Ranum, TruSecure inventor of the proxy firewall will present on June 3 at 11:30 AM. Visit <https://ticsa.trusecure.com> for certification details and <http://www.infosecuritycanada.com> for conference information. Become TICSA certified and see what happens!
-----
- Previous message: Russ: "Alert: Microsoft Security Bulletin MS04-012 - Cumulative Update for Microsoft RPC/DCOM (828741)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
