&lt;!DOCTYPE vdbentry SYSTEM "vulner.dtd"> <BR>
&lt;vdbentry refer="V-NUMBER"> <BR>
&lt;title><BR>
Outlook Cache Bypass<BR>
&lt;/title> <BR>
&lt;desc> <BR>
&lt;short><BR>
SHORT<BR>
&lt;/short> <BR>
&lt;long><BR>
If Outlook or Outlook Express interpret<BR>
an HTML mail message page that creates a second page on ithe same system,<BR>
that second page can be created either in the browser's cache or on disk.<BR>
When the file is created, if it is created<BR>
in the cache, it is in the Internet Zone and<BR>
is constrained by those policy settings. But if it is created on disk,<BR>
the disk file falls into the Local Intranet Zone (Local Computer Zone)<BR>
and is constrained by those policy settings.<BR>
In particular, the Internet Zone by default prevents anything executing<BR>
in it from accessing local system files except for those in the cache.<BR>
The Local Intranet Zone (Local Computer Zone) does not restrict this.<BR>
&lt;/long> <BR>
&lt;comp> <BR>
Inetcomm.dll;<BR>
Msoe.dll;<BR>
Msoert2.dll;<BR>
Microsoft Outlook Express 4.0, 4.01, 5.0, 5.01;<BR>
Microsoft Outlook 98, 2000;<BR>
Not vulnerable:<BR>
Outlook Express 5.5<BR>
&lt;/comp> <BR>
&lt;os><BR>
Windows NT 4.0, 95, 98, 2000<BR>
&lt;/os> <BR>
&lt;veffect aswho="user" cando="read"><BR>
The attacker creates a Trojan horse that,<BR>
when triggered, lets the attacker read files<BR>
on the user's system.<BR>
&lt;/veffect> <BR>
&lt;vdetect> <BR>
DETECTION<BR>
&lt;/vdetect> <BR>
&lt;vfix> <BR>
&lt;tech><BR>
Install the patch <BR>
&lt;step><BR>
Be sure you are running Internet Explorer 4.01 SP2 or Internet Explorer 5.01<BR>
or later. The patch requires this to install. <BR>
&lt;step><BR>
Download the patch for your version of <BR>
&lt;href url="http://www.microsoft.com/windows/ie/download/critical/patch9.htm">Outlook or Outlook Express&lkt;href><BR>
and install it.<BR>
&lt;<BR>
If you are using any system other than Windows 2000,<BR>
install Internet Explorer 5.<BR>
01 SP1 or Internet Explorer 5.5. This eliminates<BR>
the vulnerability. <BR>
&lt;tech><BR>
If you are using Windows 2000, install Windows 2000 SP1.<BR>
&lt;/vfix> <BR>
&lt;vother> <BR>
OTHER<BR>
&lt;/vother> <BR>
&lt;/desc> <BR>
&lt;keyword> <BR>
KEYWORDS<BR>
&lt;/keyword> <BR>
&lt;cat> <BR>
&lt;pa> <BR>
PROGRAM ANALYSIS<BR>
&lt;/pa> <BR>
&lt;risos> <BR>
RISOS<BR>
&lt;/risos> <BR>
&lt;cve><BR>
&lt;cvenum refer="CVE NUMBER"><BR>
CVE DESCRIPTION<BR>
&lt;/cvenum><BR>
&lt;/cat> <BR>
&lt;exploit> <BR>
EXPLOIT GENERAL INFORMATION<BR>
&lt;attack><BR>
POINTERS TO ATTACKS<BR>
&lt;/attack> <BR>
&lt;/exploit> <BR>
&lt;relinfo> <BR>
Microsoft Knowledge Base article<BR>
&lt;href url="http://www.microsoft.com/technet/support/kb.asp?ID=247638">Q247638,<BR>
Cache Bypass Vulnerability Fix Available&lt;/href><BR>
&lt;adv><BR>
&lt;ul><BR>
&lt;li>Microsoft Security Bulletin<BR>
&lt;href url="http://www.microsoft.com/technet/security/bulletin/MS00-046.asp">MS00-046&lt;href><BR>
&/ul><BR>
&lt;/adv> <BR>
&lt;ovn> <BR>
OTHER DOVES ENTRIES<BR>
&lt;/ovn> <BR>
&lt;/relinfo> <BR>
&lt;history> <BR>
&lt;report> <BR>
&lt;reporter><BR>
WHO<BR>
&lt;/reporter> <BR>
&lt;where><BR>
WHERE<BR>
&lt;/where> <BR>
&lt;when><BR>
WHEN<BR>
&lt;/when><BR>
&lt;what><BR>
WHAT<BR>
&lt;/report><BR>
&lt;/history> <BR>
&lt;revision revno=REVISION_NUMBER><BR>
&lt;changes m=MONTH d=DAY y=YEAR  who=YOUR_NAME_HERE> <BR>
WHAT YOU DID<BR>
&lt;/changes> <BR>
&lt;/revision> <BR>
&lt;/vdbentry><BR>