Microsoft Outlook Express for MacOS HTML Attachment Automatic Download Vulnerability

Medium Nessus Network Monitor Plugin ID 1293

Synopsis

The remote host may be tricked into downloading a malicious file

Description

The remote host is running Outlook Express 5.0 for MacOS. This version of Express will automatically download attachments to HTML messages, without prompting the user. This weakness does not allow for a means of forcing the user to execute any code, or place files in a specific folder, but could be used in conjunction with other attacks.

Solution

Upgrade to the latest version.

Plugin Details

Severity: Medium

ID: 1293

File Name: 1293.prm

Family: SMTP Clients

Published: 2004/08/20

Modified: 2016/01/21

Dependencies: 1332

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS3#E:H/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:microsoft:outlook_express

Reference Information

BID: 883