I went ahead, and downloaded and applied the patch to one of my systems.. This system is a Windows 2000 SP3 + all sec patches to dsate, IE6 SP1 V6.0.2800.1106, OE6 V6.0.2800.1106.
To my surprise, the patch refused to install, telling me "This update requires Internet Explorer 6.0 to be installed.". So. Is Outlook Express V6 (as of MS Internet Explorer V6 SP1) vulnerable or not? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
