[Original text] Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".
Microsoft Outlook Express BASE HREF Web Content Loading
Remote / Network Access
Loss of Integrity
Microsoft Outlook Express 6 contains a flaw that can be exploited by creating a specially crafted message containing a "BASE HREF" with the target set to "_top". The flaw may allow the loading of arbitrary external content, resulting in a loss of confidentiality and/or integrity.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Filter HTML-based emails.
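
One way to apply the HTML-filtering workaround at a mail gateway, shown as an added example that is not part of the original advisory: the script decodes each text/html MIME part and reports any BASE element, marking those whose target is "_top". The function names `scan_message` and `build_sample`, the host `content.example`, and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser


class BaseTagFinder(HTMLParser):
    """Records the href/target attributes of every <base> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.found = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <BASE HREF=...> matches.
        if tag == "base":
            a = {name: (value or "") for name, value in attrs}
            self.found.append((a.get("href", ""), a.get("target", "")))


def scan_message(raw: bytes):
    """Return one finding per <base> element in the message's text/html parts."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        try:
            html = part.get_content()  # undoes base64/quoted-printable and charset
        except (LookupError, UnicodeError):
            html = (part.get_payload(decode=True) or b"").decode("latin-1")
        finder = BaseTagFinder()
        finder.feed(html)
        finder.close()
        for href, target in finder.found:
            findings.append({"href": href, "target": target,
                             "top_target": target.strip().lower() == "_top"})
    return findings


def build_sample(html: str) -> bytes:
    """Constructed test message: multipart/alternative with a base64 HTML part."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("plain text alternative")
    m.add_alternative(html, subtype="html", cte="base64")
    return m.as_bytes()


if __name__ == "__main__":
    sample = build_sample('<html><head><BASE HREF="http://content.example/" '
                          'TARGET="_top"></head><body>hello</body></html>')
    for f in scan_message(sample):
        print("quarantine" if f["top_target"] else "review", f)
```

Because the HTML part is decoded before parsing, the check still sees the BASE element when the body is base64 or quoted-printable encoded, which a plain substring match on the raw message would miss.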