RE: outlook 2000 vs latest outlook express deployment

From: Toni Lassila (toni.lassila@mc-europe.com)
Date: 11/20/02

  • Next message: Craig_Sullivan@Waitrose.co.uk: "Re: How to secure Internet Explorer"
    Date: Wed, 20 Nov 2002 09:18:28 +0200
    From: "Toni Lassila" <toni.lassila@mc-europe.com>
    To: "Eric" <ews@tellurian.net>
    
    

    > -----Original Message-----
    > From: Eric [mailto:ews@tellurian.net]
    > Sent: Tuesday, November 19, 2002 0:19
    > To: auto472736@hushmail.com; focus-ms@securityfocus.com
    > Subject: Re: outlook 2000 vs latest outlook express deployment
    >
    >
    > as long as you've applied the latest Office 2000 Service Pack (SP2
    > http://office.microsoft.com/downloads/2000/SP2upd.aspx) you
    > will be in
    > decent shape. Office 2000 SP2 includes the Outlook Email
    > Security Update
    > (OESU)

    But that was two years ago. Since then there have been several vulns
    published (and patched):

    2002-04-26: Microsoft Outlook HTML Mail Script Execution Vulnerability
    2002-04-09: Microsoft VBScript ActiveX Word Object Denial Of Service
    Vulnerability
    2002-03-22: Microsoft Outlook Disabled Cookies Setting Bypass Vulnerability
    2002-03-21: Microsoft Outlook Javascript Execution Vulnerability
    2002-03-21: Microsoft Outlook IFrame Embedded URL Vulnerability
    2001-08-17: Microsoft Outlook Arbitrary Code Execution Vulnerability
    2001-08-15: Microsoft MSHTML.DLL Crash Vulnerability
    2001-07-13: Microsoft Outlook Unauthorized Email Access Vulnerability
    2001-06-05: Microsoft Outlook Express Address Book Spoofing Vulnerability
    2001-03-11: Microsoft Outlook vcard Buffer Overflow Vulnerability
    2001-02-27: Microsoft Outlook Vcard DoS Vulnerability
    2001-01-22: Microsoft Outlook Concealed Attachment Vulnerability