EIP-2026-118862

PRE-CVE

Microsoft Outlook Express 4.x/5.x/6.0 - Plaintext Email Security Policy Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118862. PoCs published by http-equiv.

AI-analyzed exploit summary The provided text describes a security policy bypass vulnerability in Microsoft Outlook Express where a specially crafted CID URI in an HTML email causes automatic rendering of an attached image, bypassing security policies. The example demonstrates the exploit vector but lacks executable code.

Description

Microsoft Outlook Express 4.x/5.x/6.0 - Plaintext Email Security Policy Bypass

Exploits (1)

exploitdb WRITEUP VERIFIED

by http-equiv · textremotewindows

https://www.exploit-db.com/exploits/24687

View Code ZIP pw:eip

The provided text describes a security policy bypass vulnerability in Microsoft Outlook Express where a specially crafted CID URI in an HTML email causes automatic rendering of an attached image, bypassing security policies. The example demonstrates the exploit vector but lacks executable code.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Outlook Express

No auth needed

Prerequisites: Victim must open the malicious email in Outlook Express

MITRE ATT&CK

T1221 - Template Injection

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026