Outlook Express 5.0 Open to Security Breach
Microsoft has issued an alert about a security hole in Outlook Express 5.0 for the Macintosh. Essentially, a malicious person could send a specially composed MHTML (MIME HTML) message to an Outlook Express 5.0 user. That message would then automatically download a file to the user’s default Download folder without the user’s knowledge. (You set the Download folder in the Internet control panel, Internet Config, Internet Explorer, or other Internet Config-savvy application.) If that file were a destructive application, and if you were to launch it, damage could occur. This situation is similar to receiving an application as an email attachment. In this case, though, you won’t be able to connect a message to that file; at some point, you’ll just find an unidentified application in your Download folder with no indication that it might be dangerous. Although Microsoft is working on a fix, the only solution at the moment is to open only downloaded files whose source you can identify.