Outlook Express Lets Attackers Skirt Filters
A feature in Microsoft's Outlook Express mail client allows attackers to sneak malicious code past filters and anti-virus apps.A feature in Microsoft Corp.s Outlook Express mail client that enables users to send large e-mails in several parts can also be used by virus writers and attackers to sneak malicious code past filters and anti-virus software. The feature is disabled by default but can be enabled with a few mouse clicks from the Tools drop-down menu. The tool is meant mainly for users on slow, dial-up connections who need to send large e-mails. When enabled, it breaks messages into two or more parts, sends them to the recipient, whose mail client then automatically reassembles them into one message before delivery. The problem is that some anti-virus scanners and SMTP content-filtering applications do not perform the reassembly before scanning the messages. This allows an attacker to bypass such filters and send a virus, Trojan or any other type of file that might ordinarily be banned from a corporate network, according to an advisory published Thursday by Beyond Security Ltd., an Israeli security company.
This issue is not a vulnerability in Outlook Express. Rather, it is a failing of the various AV and filtering products.