Microsoft Outlook Express for MacOS HTML Attachment Automatic Download Vulnerability

Medium Nessus Network Monitor Plugin ID 1293


The remote host may be tricked into downloading a malicious file


The remote host is running Outlook Express 5.0 for MacOS. This version of Express will automatically download attachments to HTML messages, without prompting the user. This weakness does not allow for a means of forcing the user to execute any code, or place files in a specific folder, but could be used in conjunction with other attacks.


Upgrade to the latest version.

Plugin Details

Severity: Medium

ID: 1293

File Name: 1293.prm

Family: SMTP Clients

Published: 2004/08/20

Modified: 2016/01/21

Dependencies: 1332

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:C


Base Score: 5.3

Temporal Score: 5.1


Temporal Vector: CVSS3#E:H/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:microsoft:outlook_express

Reference Information

BID: 883