= OLEXP: Patch Available for HTML E-mail Message Attachment Vulnerability =

Article ID: 249082

Article Last Modified on 7/24/2007


APPLIES TO


 * Microsoft Outlook Express 5.0 Macintosh Edition
 * Microsoft Outlook Express 4.5 for Macintosh
 * Microsoft Internet Explorer 4.5 for Macintosh




This article was previously published under Q249082



For information about the differences between Microsoft Outlook Express and Microsoft Outlook e-mail clients, click the following article number to view the article in the Microsoft Knowledge Base:

257824 OL2000: Differences Between Outlook and Outlook Express



SUMMARY
Microsoft has released a patch that eliminates a security vulnerability in Microsoft Outlook Express for Macintosh. The vulnerability can allow attachments to Hypertext Markup Language (HTML) e-mail messages to be automatically downloaded onto your computer.



MORE INFORMATION
The patch also provides replacements for several digital certificates that are included in Internet Explorer for Macintosh and are dated to expire on December 31, 1999.

You can download the patch from the following Microsoft Web site:

http://www.microsoft.com/mac/download

You can find frequently asked questions about this vulnerability at the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/fq99-060.mspx

The patch addresses the following two issues:
 * A security vulnerability found in Outlook Express 5.

Normally, when you receive an HTML e-mail message, the message content is downloaded onto your computer, and any attachments to the e-mail message are not downloaded unless you choose to download them. Because of a problem in Outlook Express 5 for Macintosh, when you receive an e-mail message with an attachment, all of the e-mail message content is downloaded, including any attachments. The vulnerability does not provide a way for a malicious user to start the downloaded attachments.
 * Updated certificates for Internet Explorer 4.5 for Macintosh.

The digital certificates that are included in Internet Explorer 4.5 for Macintosh are dated to expire on December 31, 1999. The patch includes updated certificates. There is no security vulnerability associated with the certificates' expiration; Microsoft is simply providing replacements for your convenience.

Keywords: kbbug kbfaq kbpending kburl KB249082


© Microsoft Corporation. All rights reserved.