• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Microsoft Outlook ActiveX Control Remote Internet Explorer Denial of Service Vulnerability

Severity: MODERATE

Description:

The Microsoft Office Outlook Recipient Control is prone to a denial-of-service vulnerability.

Once the affected ActiveX control with a CLSID of {0006F023-0000-0000-C000-000000000046} is instantiated in a web page, Internet Explorer will not be able to successfully close. When this object is instantiated, Internet Explorer launches Outlook to service the method.

Internet Explorer and Microsoft Outlook will both enter into an unresponsive state, denying further service to legitimate users. This is likely due to a flawed interaction between Microsoft Outlook and Internet Explorer.

An attacker can exploit this issue to trigger denial-of-service conditions in Internet Explorer or other applications that use the ActiveX control.

Specific information regarding affected packages is currently unavailable. This BID will be updated as more information becomes available.

Affected Products:

• Microsoft Excel 2002 SP3
• Microsoft Excel 2003
• Microsoft FrontPage 2002 SP3
• Microsoft FrontPage 2003
• Microsoft InfoPath 2003
• Microsoft Office 2000
• Microsoft Office 2000 Chinese Version 0.0.0
• Microsoft Office 2000 Japanese Version 0.0.0
• Microsoft Office 2000 Korean Version 0.0.0
• Microsoft Office 2000 SP1
• Microsoft Office 2000 SP2
• Microsoft Office 2000 SP2
• Microsoft Office 2000 SP2
• Microsoft Office 2000 SP3
• Microsoft Office 2002
• Microsoft Office 2003
• Microsoft Office 2003 SP1
• Microsoft Office 2003 SP2
• Microsoft Office 2003 SP3
• Microsoft Office 97 0.0.0
• Microsoft Office 97 Chinese Version 0.0.0
• Microsoft Office 97 Japanese Version 0.0.0
• Microsoft Office 97 Korean Version 0.0.0
• Microsoft Office 98 For Mac 0.0.0
• Microsoft Office XP
• Microsoft Office XP SP1
• Microsoft Office XP SP2
• Microsoft Office XP SP3
• Microsoft OneNote 2003
• Microsoft Outlook 2000 0.0.0
• Microsoft Outlook 2000 0.0.0 SP2
• Microsoft Outlook 2000 0.0.0 SR1
• Microsoft Outlook 2000 0.0.0SP3
• Microsoft Outlook 2002 0.0.0
• Microsoft Outlook 2002 0.0.0SP1
• Microsoft Outlook 2002 0.0.0SP2
• Microsoft Outlook 2002 0.0.0SP3
• Microsoft Outlook 2002 0.0.0SP3
• Microsoft Outlook 2003 0.0.0
• Microsoft Outlook 97 0.0.0
• Microsoft Outlook 98 0.0.0
• Microsoft Outlook XP 0.0.0
• Microsoft PowerPoint 2002 SP3
• Microsoft PowerPoint 2003
• Microsoft Publisher 2002 0.0.0SP3
• Microsoft Publisher 2003
• Microsoft Word 2002 SP3
• Microsoft Word 2003

References:

• Microsoft: Microsoft Office Product Homepage

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.