Outlook Express Remote Code Execution in Pr eview Pane (S/MIME)

[david.vincent () mightyoaks com (David Vincent)]

> Nevertheless, there is still something bothering me: if you look at the IE
6
> SP1 fix list (linked from
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q326489), there is
> absolutely no reference to this problem.
>
> So, Microsoft addressed a critical problem in the service pack, but decided
> to  keep silent about it until now.
>
> I wonder what else has been hidden.


i've been wondering the same thing.  they also rolled a remote desktop fix
into xp sp1 and later released a patch for w2k and xp.

lesee...  remember this?

-----

Title:      Cryptographic Flaw in RDP Protocol can Lead to 
            Information Disclosure (Q324380)
Released:   18 September 2002
Software:   Microsoft Windows 2000 
            Microsoft Windows XP
Impact:     Two vulnerabilities: information disclosure, denial of 
            service
Max Risk:   Moderate
Bulletin:   MS02-051

-----

and then...

-----

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS02-051.asp

Additional information about this patch
Installation platforms: 

The patch for Windows 2000 can be installed on systems running Windows 2000
Service Pack 2 or Windows 2000 Service Pack 3. 
The patch for Windows XP can be installed on systems running Windows XP
Gold. 
Inclusion in future service packs:


The fix for this issue will be included in Windows 2000 Service Pack 4. 
The fix for this issue is included in Windows XP Service Pack 1. 

-----


-d