Outlook Express 6.0 allows users to set parameters to block e-mail attachments that may contain viruses so the file cannot be launched or saved. The inaccessible files are shown in grey but, under certain conditions, access to these files can be inadvertently restored.
When an e-mail with a blocked attachment is forwarded, the attachment is also sent with it. It is then possible for the copy on the user's system to be launched or saved, said Slob.
"I was contacted by David McSpadden, a network administrator from the Indiana Members Credit Union, saying that he had experienced the problem on Windows 2000. I tested it on [Windows] XP, set Outlook Express to block attachments and that worked until I pressed 'forward' - then I had full access," he said.
Responding to Slob's report, Microsoft's Security Response Center said, "It is important for users to recognise that greyed-out attachments are not safe to be opened and should be deleted, they should not forward an e-mail with a greyed-out attachment."
Slob retorted, "So it is a feature and not a bug."