COMMAND

    Outlook Express

SYSTEMS AFFECTED

    Outlook Express 5

PROBLEM

    Georgi Guninski found the following.  Outlook Express 5.01 and
    Internet Explorer 5.01 under Windows 95 (other versions are
    presumably also vulnerable) allow a hostile message, once it has
    been opened, to read email messages that are opened afterwards.

    The problem is that the document object of the email message can
    be assigned to a variable in a newly opened window.  Through this
    variable, script in the new window gets access to the email
    messages that are open.


    The code that must be included in the HTML message is:

        <SCRIPT>
        a=window.open("about:<A HREF='javascript:alert(x.body.innerText)' >" +
                      "Click here to see the active message</A>");
        a.x=window.document;
        </SCRIPT>

SOLUTION

    Disable Active Scripting
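
    A complementary check for a mail filter, added here as an example
    and not part of the original advisory: it flags HTML message parts
    that carry script elements, event-handler attributes or
    script-scheme URLs, the active content this issue depends on.  The
    function and class names and the sample messages are constructed
    for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

URL_ATTRS = {"href", "src", "action", "background"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:")

class ActiveContentFinder(HTMLParser):
    """Records script elements, on* handlers and script-scheme URLs."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag == "script":
            self.findings.append("<script> element")
        for name, value in attrs:
            # Whitespace and control characters inside the scheme are
            # ignored by HTML renderers, so drop them before comparing.
            url = re.sub(r"[\x00-\x20]", "", value or "").lower()
            if name.startswith("on"):
                self.findings.append(f"{name} handler on <{tag}>")
            elif name in URL_ATTRS and url.startswith(SCRIPT_SCHEMES):
                self.findings.append(f"script URL in {name} on <{tag}>")

def scan_message(raw):
    """Return a list of active-content findings for every text/html part."""
    findings = []
    for part in message_from_string(raw, policy=default).walk():
        if part.get_content_type() == "text/html":
            finder = ActiveContentFinder()
            finder.feed(part.get_content())
            finder.close()
            findings.extend(finder.findings)
    return findings

# Constructed sample messages (not captured traffic).
HEADERS = ("From: a@example.test\nSubject: constructed sample\n"
           "MIME-Version: 1.0\nContent-Type: text/html; charset=us-ascii\n\n")
HOSTILE = HEADERS + (
    "<html><body><script>a=window.open('about:blank');"
    "a.x=window.document;</script>\n"
    "<a href=' JavaScript:void(0)'>link</a>"
    "<img src='x.gif' onerror='f()'></body></html>\n")
BENIGN = HEADERS + ("<html><body><p>Hello "
                    "<a href='http://example.test/'>link</a></p></body></html>\n")

if __name__ == "__main__":
    for label, raw in (("hostile", HOSTILE), ("benign", BENIGN)):
        print(label, scan_message(raw))
```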