Vulnerability Note VU#38950
MS Outlook "Cache Bypass" allows attackers to circumvent Internet Zone security policy
Microsoft has recently released Microsoft Security Bulletin MS00-046, in which they announced a patch for the "Cache Bypass" vulnerability. By exploiting this vulnerability, an attacker can use an HTML-formatted message to read certain types of files on the victim's machine.
In addition, because this vulnerability also allows the attacker to store files on the victim's machine, it can be used in conjunction with existing vulnerabilities to execute arbitrary code on the target system.
"Cache Bypass" Vulnerability
When exploited, this vulnerability allows an attacker to store an HTML file in an area that is not protected by the policies of the "Internet Zone." This file may then be used to open arbitrary files on the victim's machine and send their contents back to the attacker.
Microsoft has released Microsoft Security Bulletin MS00-046, which points to a patch for this vulnerability. We strongly encourage you to read this bulletin and apply the patch. MS00-046 is available at
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
| --- | --- | --- | --- |
| Microsoft | Affected | - | 06 Oct 2000 |
The CERT Coordination Center thanks Microsoft for their assistance in developing this document.
This document was written by Jeffrey P Lanza.
- CVE IDs: CVE-2000-0621
- CERT Advisory: CA-2000-14
- Date Public: 20 Jul 2000
- Date First Published: 06 Oct 2000
- Date Last Updated: 05 Mar 2002
- Severity Metric: 15.75
- Document Revision: 13