Ask the Expert

How a virus is executed from Outlook's preview pane

How exactly does a virus execute itself just from previewing in Outlook Express? Does turning off the preview pane prevent this, and would this mean that you would have to delete it before you previewed it?

In the past month, I've received two e-mails that tripped my antivirus software wires. The message I got (I didn't write it down) was confusing. It said it found a virus and couldn't do anything about it. The e-mails contained attachments that I never opened, and I just deleted the e-mails. I also received two e-mails that were definitely viruses (I got a game for you and cool flash), and my antivirus did not detect. However, I just deleted them.

I am still up and running, no trigger event, do you think I could be infected?

    Requires Free Membership to View

I'll include links to the details as provided by Microsoft concerning this sort of vulnerability. I'm sure you'll understand if I don't tell you how the actual virus code works.

In an nutshell, when an e-mail that has been sent in HTML format is opened by Outlook Express, the Internet Explorer program is invoked to display the e-mail message properly in the mail client. Internet Explorer first examines the e-mail to determine the type of attachment. If the attachment is a normal non-executable file, IE will automatically render it in all its HTML graphical glory.

A virus can edit the e-mail's attachment information, tricking Internet Explorer into automatically executing the e-mail attachment if it was an executable file, by altering the MIME headers to make it appear that the attachment is not in fact an executable file.

Suffice to say that you should patch your copy of Outlook Express to remove this vulnerability from your system. Until you do so, your system is in a less secure state.

Get Microsoft info about a patch here.

For more information on this topic, visit these other SearchSecurity resources:
Ask the Expert: Whether or not to use Outlook's preview pane
Tech Tip: Preview "pain"

This was first published in June 2002

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: