Full Disclosure mailing list archives

Outlook Express Remote Code Execution in Preview Pane (S/MIME)

From: editor () infoguerra com br (Giordani Rodrigues)
Date: Thu, 10 Oct 2002 22:05:38 -0300

Same thing here. However, I suppose this is only a wrong message. The
correct message should be "You don't need to install this patch", or
something like this.

Take a look at what MS says:

http://www.microsoft.com/technet/security/bulletin/ms02-058.asp :

"Additional information about this patch
(...)
The fix for this issue is included in Outlook Express 6.0 Service Pack 1
(which is available in Internet Explorer 6.0 Service Pack 1 or as part of
Windows XP Service Pack 1)."


Regards,

Giordani Rodrigues.


----- Original Message -----
From: "HggdH" <hggdh () attbi com>
To: <full-disclosure () lists netsys com>
Sent: Thursday, October 10, 2002 8:41 PM
Subject: Fw: [Full-disclosure] Outlook Express Remote Code Execution in
Preview Pane (S/MIME)

I went ahead, and downloaded and applied the patch to one of my systems..

This system is a Windows 2000 SP3 + all sec patches to dsate,  IE6 SP1
V6.0.2800.1106, OE6 V6.0.2800.1106.

To my surprise, the patch refused to install, telling me "This update
requires Internet Explorer 6.0 to be installed.".

So. Is Outlook Express V6 (as of MS Internet Explorer V6 SP1) vulnerable

or

not?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Outlook Express Remote Code Execution in Preview Pane (S/MIME) Aviram Jenik (Oct 10)
- <Possible follow-ups>
- Fw: Outlook Express Remote Code Execution in Preview Pane (S/MIME) HggdH (Oct 10)
  - Outlook Express Remote Code Execution in Preview Pane (S/MIME) Nexus (Oct 10)
    - QRe: Outlook Express Remote Code Execution in Preview Pane (S/MIME) HggdH (Oct 10)
  - Outlook Express Remote Code Execution in Preview Pane (S/MIME) Giordani Rodrigues (Oct 10)