![]() ![]() An attacker might also leverage this flaw using a man-in-the-middle attack. However, in order to send a malicious POP3 or IMAP response to an email client, an attacker has to somehow convince their victim into configuring their mail client to connect to a malicious email server. ![]() As is typical with Windows vulnerabilities, if your users have local administrative privileges, the attacker could leverage this flaw to gain complete control of their PC. By sending a specially crafted POP3 or IMAP response to one of your user’s email clients, an attacker can trigger this integer overflow flaw to execute code on that user’s computer, with that user’s privileges. In a security bulletin released during patch day, Microsoft describes a new integer overflow vulnerability that affects Outlook Express and Windows Mail. Older versions of Windows came with Outlook Express, while more recent versions come with Windows Mail or Windows Live Mail. #Outlook express x64 download install#What to do: Download, test, and install Microsoft’s email client updates as soon as possible, or let Windows Automatic Update do it for youĪll versions of Windows ship with a free email client that allows you to retrieve your email from an email server. ![]() Impact: An attacker can execute malicious code, potentially gaining full control of your users computer.How an attacker exploits it: By enticing one of your users to connect to a malicious POP3 or IMAP email server (or by performing a man-in-the-middle attack).This vulnerability affects: The email client shipping with any current version of Windows (whether it’s Outlook Express or Windows Mail). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |