Microsoft Outlook Express 4.x/5.x/6.0 - Plaintext Email Security Policy Bypass

Author: http-equiv
type: remote
platform: windows
port: 
date_added: 2004-10-18  
date_updated: 2013-03-10  
verified: 1  
codes: OSVDB-11051  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 24687.txt  

source: https://www.securityfocus.com/bid/11447/info

Microsoft Outlook Express is reported prone to a security policy bypass vulnerability.

The vulnerability presents itself if an attached image file is referenced using a specially crafted CID URI.

This will result in a policy bypass because the image will be automatically rendered when the email is viewed in Outlook Express.

<CENTER><IMG SRC="CID:{F69034DE-F779-4AA2-B5A9-
7413133C2A29}/malware.JPG"></CENTER>