OLEXP: Patch Available for HTML E-mail Message Attachment Vulnerability

Article translations Article translations
Article ID: 249082 - View products that this article applies to.
This article was previously published under Q249082
This article has been archived. It is offered "as is" and will no longer be updated.
For information about the differences between Microsoft Outlook Express and Microsoft Outlook e-mail clients, click the following article number to view the article in the Microsoft Knowledge Base:
257824 OL2000: Differences Between Outlook and Outlook Express
Expand all | Collapse all


Microsoft has released a patch that eliminates a security vulnerability in Microsoft Outlook Express for Macintosh. The vulnerability can allow attachments to Hypertext Markup Language (HTML) e-mail messages to be automatically downloaded onto your computer.


The patch also provides replacements for several digital certificates that are included in Internet Explorer for Macintosh, that are dated to expire on December 31, 1999.

You can download the patch from the following Microsoft Web site:
You can find frequently asked questions about this vulnerability at the following Microsoft Web site:
The patch addresses the following two issues:
  • A security vulnerability found in Outlook Express 5.
    When you receive an HTML e-mail message, the message content is downloaded onto your computer. Any attachments to the e-mail message are not downloaded unless you choose to download them. Because of a problem in Outlook Express 5 for Macintosh, when you receive an e-mail message with an attachment, all of the e-mail message content is downloaded, including any attachments. The vulnerability does not provide a way for a malicious user to start the downloaded attachments.
  • Updated certificates for Internet Explorer 4.5 for Macintosh.
    The digital certificates that are included in Internet Explorer 4.5 for Macintosh are dated to expire on December 31, 1999. The patch includes updated certificates. There is no security vulnerability associated with the certificates' expiration; Microsoft is simply providing replacements for your convenience.


Article ID: 249082 - Last Review: October 22, 2013 - Revision: 3.1
  • Microsoft Outlook Express 5.0 Macintosh Edition
  • Microsoft Outlook Express 4.5 for Macintosh
  • Microsoft Internet Explorer 4.5 for Macintosh
kbnosurvey kbarchive kbbug kbfaq kbpending kburl KB249082

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com