OLEXP: Information About the Outlook Express Security Patch

This article provides general information about the Microsoft Outlook Express Security Patch that was released on July 20, 2000.

The Outlook Express Security Patch provides additional levels of protection against malicious e-mail messages. For general information about this patch, please see the following Microsoft Web site: To download the patch, please see the following Microsoft Web site: If you have installed Microsoft Internet Explorer 5.01 Service Pack 1 (SP1) or Microsoft Internet Explorer 5.5 on a computer that is running any operating system other than Microsoft Windows 2000, you are not affected by these vulnerabilities and do not need to apply the patch.

Fixes

The following potential vulnerabilities are fixed when you apply this patch:

Buffer Overflow in Outlook Express Mail Header

• When the date and time fields in a message header are improperly formatted, the result is a buffer overflow. This potentially allows someone to run malicious code on your computer.For additional information about the buffer overflow issue, click the article number below to view the article in the Microsoft Knowledge Base:
  267884  (http://support.microsoft.com/kb/267884/EN-US/ ) E-mail Security Vulnerability Fixed in Internet Explorer 5.01 SP1
• If you use Outlook Express to open an e-mail message from an Internet Message Access Protocol (IMAP) server and the message contains a long subject (larger than approximately 192 characters), a buffer overflow is the result that can potentially allow someone to run malicious code on your computer.

File Attachments

• When you open a multimedia e-mail attachment (such as file types ending in .mid, .wav, .gif, or .mov), code that is contained in the attachment can automatically run.
  For additional information about issues with multimedia e-mail attachments, click the article number below to view the article in the Microsoft Knowledge Base:

  247638  (http://support.microsoft.com/kb/247638/EN-US/ ) Cache Bypass Vulnerability Fix Available
• If you open an e-mail message and see the File Download attachment warning dialog box instead of the Open Attachment Warning dialog box, and then click Cancel, the attachment is not deleted from your hard disk. This temporary file may be a compiled Hypertext Markup Language (HTML) file with a .chm file name extension. You can open the attachment with the window.showHelp() method, which may run malicious code.
• Outlook Express may place extracted .mht files on a local hard disk in predictable locations. This allows a cross-domain violation. Code on a remote Web page can then open files on the local computer. When these files are opened, they run in the context of the My Computer security zone.

Java Script in the Preview Pane

If you use the preview pane to view a message that contains Java Script, the script can read subsequent e-mail messages that have been opened.