• info
• discussion
• exploit
• solution
• references

Microsoft Internet Explorer Self Executing HTML File Vulnerability

Solution:
The Cumulative Patch for Outlook Express (330994) from Microsoft Security Bulletin MS03-014 removes the ability of MHTML to read any file format other than .MHT and .MHTML. This effectively prevents exploitation of this vulnerability since it relies on the ability of MHTML to read a prohibited file type.


Microsoft Outlook Express 5.5 SP2

• Microsoft 330994: April 2003, Cumulative Patch for Outlook Express 5.5 Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyID=ac1a8632-8b71 -4d90-beb0-8c3f1a23889d&displaylang=en

Microsoft Outlook Express 6.0

• Microsoft 330994: April 2003, Cumulative Patch for Outlook Express 6
  http://www.microsoft.com/downloads/details.aspx?FamilyID=4e4178ed-af49 -4ba1-848d-19b984d66e60&displaylang=en

Microsoft Outlook Express 6.0 SP1

• Microsoft 330994: April 2003, Cumulative Patch for Outlook Express 6 Service Pack 1 (64-Bit)
  http://www.microsoft.com/downloads/details.aspx?FamilyID=7a81c56a-ac62 -4bec-a6e0-8239eb7898a7&displaylang=en


• Microsoft 330994: April 2003, Cumulative Patch for Outlook Express 6 SP1
  http://www.microsoft.com/downloads/details.aspx?FamilyID=0CF81200-DD86 -4636-8AE5-3F4AF4E829D8&displaylang=en