Persistent Mail Browser Link

DOVES Vulnerability V-00110

DOVES Project
Computer Security Laboratory
Department of Computer Science
University of California at Davis

Description

Brief summary: A remote user could read email of another user

Detailed description: Microsoft's Outlook Express accepts mail with HTML commands and interprets the HTML. So, it can open a browser window that links back to the Outlook Express window. The browser can contain a script to read the HTML mail being displayed in Outlook Express. However, the link can be made persistent, in which case a script in the browser window could read all mail displayed in the preview pane of that session of Outlook Express. The browser could then relay contents of the mail elsewhere.

Components: Outlook Express 4.0, 4.01, 5.0, 5.01

Operating system(s): Windows NT 4.0, all versions; Windows 2000, all versionsThe attacker can view the user's email

How to detect:

Check settings. Activate Outlook Express, and select View, then Layout. Look at Show Preview Pane. If it is not selected, you are not vulnerable. (Be aware it can be selected at any time!)
Check your Outlook Express version number.
1. If you are running Outlook Express 4.01 SP2 (version 4.72.3612.1700), Outlook Express 5.01 not on Windows 2000 (version 5.00.2919.6600), or Outlook Express 5.01 on Windows 2000 (version 5.00.2919.6700), or any earlier versions, you are vulnerable.

How to fix:

Disable the Preview Pane. Activate Outlook Express, and select View, then Layout, then deselect Show Preview Pane. (Again, remember it can be reselected at any time!)
Install the patch for Outlook Express

Other information: