Title: Microsoft Outlook Express 6 Plain Text Message Script Execution Vulnerability
Severity: MODERATE
Description:
For scripting components in an email message to execute, the email message must have a content-type of text/html set in its header.
The content-type field in the header is used by email clients and gateway filtering software to determine how to handle the message. Many administrators use gateway software to filter mail of content-type text/html so that messages containing potentially malicious scripts are not delivered.
A vulnerability exists in Outlook Express 6 that may cause code embedded in an email message of content-type 'text/plain' to be executed.
The script code must be contained within the first 57 characters on the first line of the message. Any additional characters on either line will cause the message to be parsed as plain text. It is not known why this behaviour is present.
Only the <script> tag appears to function in this manner.
It is important to note that Outlook Express 6 does not allow any scripting to be executed by default. This security feature must be turned off in order to exploit this vulnerability.
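Because a gateway that filters only on content-type text/html will pass such a message, a filter can also inspect the first line of each text/plain part. The following is an added example, not part of the original advisory: the names `scan_plain_parts` and `build_message` are hypothetical, and the sample messages are constructed with a placeholder script body.

```python
import base64
import re
from email import message_from_string, policy

SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)
MAX_TRIGGER_LEN = 57  # first-line length limit stated in the advisory

def scan_plain_parts(raw_message):
    """Return one finding per text/plain part whose first line holds a <script> tag."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        # A part with no Content-Type header defaults to text/plain.
        if part.is_multipart() or part.get_content_type() != "text/plain":
            continue
        try:
            body = part.get_content()  # undoes base64 / quoted-printable
        except LookupError:  # unknown charset label: decode bytes leniently
            body = (part.get_payload(decode=True) or b"").decode("latin-1")
        lines = body.splitlines()
        first_line = lines[0] if lines else ""
        if SCRIPT_TAG.search(first_line):
            findings.append({
                "first_line": first_line,
                # True when the line fits the condition the advisory describes
                "within_limit": len(first_line) <= MAX_TRIGGER_LEN,
            })
    return findings

def build_message(body, encoding=None):
    """Constructed sample: a minimal text/plain message (not real traffic)."""
    headers = ["From: a@example.com", "To: b@example.com",
               "Subject: sample", "MIME-Version: 1.0",
               "Content-Type: text/plain; charset=us-ascii"]
    if encoding == "base64":
        headers.append("Content-Transfer-Encoding: base64")
        body = base64.b64encode(body.encode("ascii")).decode("ascii")
    return "\n".join(headers) + "\n\n" + body + "\n"

PLACEHOLDER = "<script>/* constructed placeholder */</script>"
SAMPLES = {
    "plain": build_message(PLACEHOLDER),
    "base64": build_message(PLACEHOLDER, encoding="base64"),
    "second_line": build_message("Hello,\n" + PLACEHOLDER),
    "benign": build_message("Meeting moved to 3pm."),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, scan_plain_parts(raw))
```

The scan flags the tag on the first line regardless of length and reports `within_limit` separately, so a gateway policy can quarantine on any hit and use the flag only for triage.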
Affected Products:
- Microsoft Outlook Express 6.0
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows Server 2003 Datacenter Edition Itanium
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Enterprise Edition Itanium
- Microsoft Windows Server 2003 Itanium SP1
- Microsoft Windows Server 2003 Itanium SP2
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Standard x64 Edition
- Microsoft Windows Server 2003 Web Edition
- Microsoft Windows Server 2003 x64 SP2
- Microsoft Windows XP 64-bit Edition
- Microsoft Windows XP Home
- Microsoft Windows XP Media Center Edition
- Microsoft Windows XP Media Center Edition SP2
- Microsoft Windows XP Professional
- Microsoft Windows XP Professional x64 Edition SP2
- Microsoft Windows XP Tablet PC Edition
- Microsoft Windows XP Tablet PC Edition SP2