VULHUB ™

Microsoft Outlook and Outlook Express are reported to be prone to store various files, which may contain attacker-supplied content, in predictable locations. This may present a security risk because many known (and potential) Internet Explorer vulnerabilities depend on the attacker being able to directly reference malicious content on a victim system. Given both the ability to place such content on the file system and reference it specifically by location, exploitation of many browser-based vulnerabilities becomes possible. Other securiy consequences also exist, such as disclosure of Address Book contents.

Microsoft Outlook and Outlook Express are reported to be prone to store various files, which may contain attacker-supplied content, in predictable locations. This may present a security risk because many known (and potential) Internet Explorer vulnerabilities depend on the attacker being able to directly reference malicious content on a victim system. Given both the ability to place such content on the file system and reference it specifically by location, exploitation of many browser-based vulnerabilities becomes possible. Other securiy consequences also exist, such as disclosure of Address Book contents.