Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (E-mail Client)  >   Microsoft Outlook Express Vendors:   Microsoft
Microsoft Outlook Express May Disclose 'bcc:' Recipient Addresses
SecurityTracker Alert ID:  1011067
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Aug 27 2004
Original Entry Date:  Aug 26 2004
Impact:   Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 6.0
Description:   A vulnerability was reported in Microsoft Outlook Express. When large, multipart messages are sent, 'bcc:' recipient addresses may be disclosed to the other recipients.

Juha-Matti Laurio reported that when a target user sends a large e-mail when Microsoft Outlook Express is configured to break apart e-mail messages of that size, any recipient addresses in the 'bcc:' field will be disclosed to the other recipients in the 'to:' and 'cc:' fields.

Impact:   A remote user that receives a message may be able to view any 'bcc:' addresses associated with that message.
Solution:   A hotfix is available from Microsoft Product Support Services:;EN-US;843555

Vendor URL:;EN-US;843555 (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, LLC