[] NeoSense
E X P L O I T S
title author type platform port cve id

Microsoft Outlook Express 5/6 - Spoofable File Extensions

Author: Matthew Murphy
type: remote
platform: windows
port: 
date_added: 2002-07-20 
date_updated: 2012-10-08 
verified: 1 
codes: OSVDB-11950 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/5277/info

It is possible for a malicious user, sending email via a mail agent capable of manipulating the MIME headers, to spoof file extensions for users of Outlook Express. For example, an .exe file can be made to look like a .txt (or other seemingly harmless file type) file in the attachment list.

When including a certain string of characters between the filename and the actual file extension, Outlook Express will display the specified misleading file extension type.

The end result is that an attacker is able to entice a user to open or save files of arbitrary types to their local system.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21631.eml
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.