[NT] Microsoft Outlook Express 6 "E-mail Attachment Security" Flawed

From: support@securiteam.com
Date: 12/12/01


From: support@securiteam.com
To: list@securiteam.com
Date: Wed, 12 Dec 2001 06:59:55 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  Microsoft Outlook Express 6 "E-mail Attachment Security" Flawed
------------------------------------------------------------------------

SUMMARY

Microsoft has added a security setting to Outlook Express 6: "Do not allow
attachments to be saved or opened that could potentially be a virus". This
setting is not enabled by default, but Microsoft suggests it in the
document entitled
<http://support.microsoft.com/default.aspx?scid=kb;EN-US;q291387> Using
Virus Protection Features in Outlook Express 6. The vulnerability lies in
the fact that forwarded mail containing such harmful attachments is not
"grayed out" to discourage users from trying to open it (unlike when
reading the original message).

DETAILS

Vulnerable systems:
Outlook Express version 6.0

Vendor status:
When contacted, a person from Microsoft's Security Response Center wrote
in an e-mail: "The capability to forward an email with an attachment is a
feature in Outlook Express that is by-design. As you mention, Outlook
Express does allow the blocking of unsafe attachments.

ADDITIONAL INFORMATION

The information has been provided by Arie Slob
<arie@infinisource.com>.
