Microsoft Outlook Express for MacOS HTML Attachment Automatic Download Vulnerability

low Nessus Network Monitor Plugin ID 1293

Synopsis

The remote host may be tricked into downloading a malicious file

Description

The remote host is running Outlook Express 5.0 for MacOS. This version of Express will automatically download attachments to HTML messages, without prompting the user. This weakness does not allow for a means of forcing the user to execute any code, or place files in a specific folder, but could be used in conjunction with other attacks.

Solution

Upgrade to the latest version.

Plugin Details

Severity: Low

ID: 1293

Family: SMTP Clients

Published: 8/20/2004

Updated: 3/6/2019

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.6

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:microsoft:outlook_express

Reference Information

BID: 883

Detections

Analytics