Microsoft Outlook / Outlook Express Cache Bypass Vulnerability

The Internet Explorer Security Architecture (which handles all incoming HTML processing, via email or web) controls the cache of Outlook / Outlook Express. Under normal circumstances, all incoming HTML email with inline data should be downloaded to the cache and opened with an Internet Zone security setting. Through certain methods, a user could send a HTML email with an inline file to a remote system which would be downloaded outside of Microsoft Outlook / Outlook Express' cache to a known location with the security setting of Local Computer Zone which has considerably higher privileges than Internet Zone.

If the email recipient were misled to open the file, the remote user would be able to gain read access on the system. This vulnerability could lead to the placement of executables on the recipient's system if coupled with other types of attacks.


Privacy Statement
Copyright 2010, SecurityFocus