OLEXP: Patch Available for HTML E-mail Message Attachment Vulnerability (249082)



The information in this article applies to:

  • Microsoft Outlook Express 5.0 for Macintosh
  • Microsoft Outlook Express 4.5 for Macintosh
  • Microsoft Internet Explorer 4.5 for Macintosh

This article was previously published under Q249082
For information about the differences between Microsoft Outlook Express and Microsoft Outlook e-mail clients, click the following article number to view the article in the Microsoft Knowledge Base:

257824 OL2000: Differences Between Outlook and Outlook Express

SUMMARY

Microsoft has released a patch that eliminates a security vulnerability in Microsoft Outlook Express for Macintosh. The vulnerability can allow attachments to Hypertext Markup Language (HTML) e-mail messages to be automatically downloaded onto your computer.

MORE INFORMATION

The patch also provides replacements for several digital certificates that are included in Internet Explorer for Macintosh and are dated to expire on December 31, 1999.

You can download the patch from the following Microsoft Web site:

You can find frequently asked questions about this vulnerability at the following Microsoft Web site:

The patch addresses the following two issues:
  • A security vulnerability found in Outlook Express 5.
    Normally, when you receive an HTML e-mail message, the message content is downloaded onto your computer, but any attachments to the e-mail message are not downloaded unless you choose to download them. Because of a problem in Outlook Express 5 for Macintosh, when you receive an e-mail message with an attachment, all of the e-mail message content is downloaded, including any attachments. The vulnerability does not provide a way for a malicious user to start the downloaded attachments.
  • Updated certificates for Internet Explorer 4.5 for Macintosh.
    The digital certificates that are included in Internet Explorer 4.5 for Macintosh are dated to expire on December 31, 1999. The patch includes updated certificates. There is no security vulnerability associated with the certificates' expiration; Microsoft is simply providing replacements for your convenience.

Modification Type: Major
Last Reviewed: 2/24/2004
Keywords: kbbug kbFAQ kbpending kburl KB249082