Patch Management Software
Live Demo Free Edition Download Now

Outlook Express 6.0 Patch DetailsOutlook Express 6.0 Patches

Patch Name : Q330994.Exe
Patch Description : 330994: April 2003, Cumulative Patch for Outlook Express 6 SP1
Bulletin Id : MS03-014
Bulletin Title : Cumulative Patch for Outlook Express (330994)
KnowledgeBase :330994
Severity : Critical
Location Path :Q330994.Exe
Bulletin Summary: MHTML stands for MIME Encapsulation of Aggregate HTML. MHTML is an Internet standard that defines the MIME (Multipurpose Internet Mail Extensions) structure used to send HTML content in e-mail message bodies. The MHTML URL Handler in Windows is part of Outlook Express and provides a URL type that can be used on the local machine. This URL type (MHTML://) allows MHTML documents to be launched from a command line, from Start/Run, using Windows Explorer or from within Internet Explorer.

A vulnerability exists in the MHTML URL Handler that allows any file that can be rendered as text to be opened and rendered as part of a page in Internet Explorer. As a result, it would be possible to construct a URL that referred to a text file that was stored on the local computer and have that file render as HTML. If the text file contained script, that script would execute when the file was accessed. Since the file would reside on the local computer, it would be rendered in the Local Computer Security Zone. Files that are opened within the Local Computer Zone are subject to fewer restrictions than files opened in other security zones.
Superceding Bulletin Id : None
Patch Release Date : Apr 23, 2003
CVE Id :CAN-2002-0980
Affected Product Information  
Product Name Service Pack Name
Outlook Express 6.0Internet Explorer 6 SP1

Disclaimer: This webpage is intended to provide you information about patch announcements for certain specific software products. The information is provided "As Is" without warranty of any kind. The links provided point to pages on the vendors' websites. You can get more information by clicking the links to visit the relevant pages on the vendors' websites. Desktop Central is NOT endorsed by the vendors of the software products.