Reported April 13, 2004, by Microsoft.

 

 

 

VERSIONS AFFECTED

 

·         Windows Server 2003

·         Windows XP

·         Windows 2000 Server

·         Windows NT Server 4.0 Service Pack (SP) 6a

·         NT Server 4.0, Terminal Server Edition (WTS) SP6

·         NT Workstation 4.0 SP6a

·         Windows Me

·         Windows 9x

 

DESCRIPTION

 

A new vulnerability exists in Microsoft Outlook Express that could result in the execution of arbitrary code on the vulnerable system.

 

VENDOR RESPONSE

 

Microsoft has released security bulletin MS04-013, "Cumulative Security Update for Outlook Express (837009)," to address this vulnerability and recommends that affected users apply the appropriate patch listed in the bulletin.

 

CREDIT

 

Discovered by Microsoft.