Title: Microsoft Outlook Concealed Attachment Vulnerability
Severity: HIGH
Description:
Several versions of Microsoft Outlook's mail and news components are vulnerable to the remote inclusion of a hidden, potentially malicious attachment in incoming email and news messages.
By crafting a string of a specific length for the Subject: field, a malicious user can force the receiving MS Outlook client to reconstruct the included string as an attachment containing attacker-supplied data. If this string is properly constructed, the resulting attachment may be executable and capable of compromising the receiving host's security.
The required length of this string varies among different versions of the product.
The concealed attachment will not be mentioned in the message header, and remains effectively hidden until the message is received by a vulnerable version of Outlook.
Certain types of network mail filters may fail to detect the surreptitious attachment.
Properly exploited, this can allow an attacker to create a hidden attachment containing hostile code, which will be effectively invisible during the message's transport. The attacker can also obfuscate the extension of the attached file so that it appears to be a non-threatening graphics file or another non-executable file type.
As a result, IE5.5 will deliver an apparently innocuous message containing a dangerous executable attachment, which may be inadvertently executed by the recipient.
This method can also circumvent the Outlook security feature that restricts the saving or execution of potentially dangerous file attachments.
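Because the attachment is not declared in the message headers, a gateway filter that only inspects declared MIME parts will pass such a message. The following is an added example, not part of the original advisory: a gateway-side check that unfolds the Subject header and flags oversized values. The threshold, function names and sample messages are assumptions constructed for illustration; the advisory gives no lengths.

```python
from email import message_from_bytes
from email.policy import compat32

# Assumed gateway policy value; the advisory states only that the
# required length varies among product versions.
MAX_SUBJECT_CHARS = 255

def declared_attachments(msg):
    """Names of the attachments the MIME structure actually declares."""
    return [part.get_filename() or "(unnamed)" for part in msg.walk()
            if part.get_content_disposition() == "attachment" or part.get_filename()]

def inspect_message(raw: bytes) -> dict:
    """Parse a raw message and report on Subject length and declared attachments."""
    msg = message_from_bytes(raw, policy=compat32)
    # Unfold every Subject header (a message may carry several); keep the longest.
    subjects = ["".join(str(v).splitlines()) for v in msg.get_all("Subject", [])]
    longest = max((len(s) for s in subjects), default=0)
    declared = declared_attachments(msg)
    oversized = longest > MAX_SUBJECT_CHARS
    return {
        "subject_chars": longest,
        "declared_attachments": declared,
        "oversized_subject": oversized,
        # Oversized Subject with nothing declared: the case a filter that
        # looks only at declared parts would miss.
        "undeclared_risk": oversized and not declared,
        "action": "quarantine" if oversized else "deliver",
    }

# Constructed sample messages (benign filler only).
NORMAL = (b"From: alice@example.com\r\nTo: bob@example.com\r\n"
          b"Subject: Quarterly report\r\n\r\nSee you Monday.\r\n")
LONG_SUBJECT = (b"From: alice@example.com\r\nTo: bob@example.com\r\n"
                b"Subject: " + b"\r\n ".join([b"A" * 60] * 10)
                + b"\r\n\r\nHello.\r\n")

if __name__ == "__main__":
    for name, raw in (("normal", NORMAL), ("long", LONG_SUBJECT)):
        print(name, inspect_message(raw))
```

Set the threshold from the longest legitimate Subject values seen in your own mail flow, and apply it to the unfolded value so that folding across header lines cannot hide the length.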
Affected Products:
- Microsoft Internet Explorer 5.0.1
- Microsoft Internet Explorer 5.0.1 for Windows 2000
- Microsoft Internet Explorer 5.0.1 for Windows 95
- Microsoft Internet Explorer 5.0.1 for Windows 98
- Microsoft Internet Explorer 5.0.1 for Windows NT 4.0
- Microsoft Internet Explorer 5.5
- Microsoft Outlook 2000 0.0.0
- Microsoft Outlook 98 0.0.0
- Microsoft Outlook Express 5.5.0