CVE-2004-0380

Name of the Vulnerable Software and Affected Versions Microsoft Outlook Express versions 5.5 SP2 through 6 SP1

Description The issue allows remote attackers to bypass domain restrictions and execute arbitrary code. This can be demonstrated on Internet Explorer using script in a compiled help (CHM) file that references specific protocol handlers, such as ms-its, ms-itss, its, or mk:@MSITStore.

Recommendations For Microsoft Outlook Express versions 5.5 SP2 through 6 SP1, consider disabling the MHTML protocol handler as a temporary workaround until a patch is available. Restrict access to compiled help files that reference the InfoTech Storage (ITS) protocol handlers to minimize the risk of exploitation.