Help and Support
 

powered byLive Search

OLEXP: Patch Available for HTML E-mail Message Attachment Vulnerability

Retired KB ArticleThis article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
View products that this article applies to.
Article ID:249082
Last Review:July 24, 2007
Revision:3.1
This article was previously published under Q249082
For information about the differences between Microsoft Outlook Express and Microsoft Outlook e-mail clients, click the following article number to view the article in the Microsoft Knowledge Base:
257824 (http://support.microsoft.com/kb/257824/EN-US/) OL2000: Differences Between Outlook and Outlook Express

SUMMARY

Microsoft has released a patch that eliminates a security vulnerability in Microsoft Outlook Express for Macintosh. The vulnerability can allow attachments to Hypertext Markup Language (HTML) e-mail messages to be automatically downloaded onto your computer.

MORE INFORMATION

The patch also provides replacements for several digital certificates that are included in Internet Explorer for Macintosh, that are dated to expire on December 31, 1999.

You can download the patch from the following Microsoft Web site:
http://www.microsoft.com/mac/download (http://www.microsoft.com/mac/download)
You can find frequently asked questions about this vulnerability at the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/fq99-060.mspx (http://www.microsoft.com/technet/security/bulletin/fq99-060.mspx)
The patch addresses the following two issues:
A security vulnerability found in Outlook Express 5.
When you receive an HTML e-mail message, the message content is downloaded onto your computer. Any attachments to the e-mail message are not downloaded unless you choose to download them. Because of a problem in Outlook Express 5 for Macintosh, when you receive an e-mail message with an attachment, all of the e-mail message content is downloaded, including any attachments. The vulnerability does not provide a way for a malicious user to start the downloaded attachments.
Updated certificates for Internet Explorer 4.5 for Macintosh.
The digital certificates that are included in Internet Explorer 4.5 for Macintosh are dated to expire on December 31, 1999. The patch includes updated certificates. There is no security vulnerability associated with the certificates' expiration; Microsoft is simply providing replacements for your convenience.
APPLIES TO
Microsoft Outlook Express 5.0 Macintosh Edition
Microsoft Outlook Express 4.5 for Macintosh
Microsoft Internet Explorer 4.5 for Macintosh

Back to the top

Keywords: 
kbbug kbfaq kbpending kburl KB249082

Article Translations

 

Other Support Options

  • Need More Help?
    Contact a Support professional by E-mail, Online or Phone.
  • Customer Service
    For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
  • Newsgroups
    Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.