Exploit Microsoft Outlook Express 4.x/5.x/6.0 - Plaintext Email Security Policy Bypass

[Exploiter]

EDB-ID

24687

Проверка EDB

1. Пройдено

Автор

HTTP-EQUIV

Тип уязвимости

REMOTE

Платформа

WINDOWS

CVE

null

Дата публикации

2004-10-18

Microsoft Outlook Express 4.x/5.x/6.0 - Plaintext Email Security Policy Bypass

source: https://www.securityfocus.com/bid/11447/info

Microsoft Outlook Express is reported prone to a security policy bypass vulnerability.

The vulnerability presents itself if an attached image file is referenced using a specially crafted CID URI.

This will result in a policy bypass because the image will be automatically rendered when the email is viewed in Outlook Express.

<CENTER><IMG SRC="CID:{F69034DE-F779-4AA2-B5A9-
7413133C2A29}/malware.JPG"></CENTER>