<!DOCTYPE vdbentry SYSTEM "vulner.dtd">
<vdbentry refer="V-NUMBER">
<title>
Outlook Cache Bypass
</title>
<desc>
<short>
SHORT
</short>
<long>
If a web page on someone's system
creates a page on that same system, it can be created either in
the browser's cache or on disk.
When the file is created, if it is created
in the cache, it is in the Internet Zone and
is constrained by those policy settings. But if it is created on disk,
the disk file falls into the Local Intranet Zone
and is constrained by those policy settings.
In particular, the Internet Zone by default prevents anything executing
in it from accessing local system files except for those in the cache.
The Local Intranet Zone does not restrict this.
</long>
<comp>
Not vulnerable:
Outlook Express 5.5
</comp>
<os>
Windows NT 4.0, 95, 98, 2000
</os>
<veffect aswho="WHO" cando="WHAT">
EFFECT
</veffect>
<vdetect>
DETECTION
</vdetect>
<vfix>
FIXES
</vfix>
<vother>
OTHER
</vother>
</desc>
<keyword>
KEYWORDS
</keyword>
<cat>
<pa>
PROGRAM ANALYSIS
</pa>
<risos>
RISOS
</risos>
<cve>
<cvenum refer="CVE NUMBER">
CVE DESCRIPTION
</cvenum>
</cat>
<exploit>
EXPLOIT GENERAL INFORMATION
<attack>
POINTERS TO ATTACKS
</attack>
</exploit>
<relinfo>
NON-ADVISORY INFORMATION
<adv>
ADVISORIES
</adv>
<ovn>
OTHER DOVES ENTRIES
</ovn>
</relinfo>
<history>
<report>
<reporter>
WHO
</reporter>
<where>
WHERE
</where>
<when>
WHEN
</when>
<what>
WHAT
</report>
</history>
<revision revno=REVISION_NUMBER>
<changes m=MONTH d=DAY y=YEAR who=YOUR_NAME_HERE>
WHAT YOU DID
</changes>
</revision>
</vdbentry>