Title: Multiple Outlook/Outlook Express Predictable File Location Weaknesses
Severity: MODERATE
Description:
Microsoft Outlook and Outlook Express are reported to store various files that may contain attacker-supplied content in predictable locations, which aids exploitation of other possible security vulnerabilities.
The following specific examples were provided:
Outlook Express stores a temporary copy of embedded sound files in a predictable location (profile\Local Settings\Temp\[filename].[ext]) when these files are opened. The filename and extension in this instance are attacker-specified. An attacker may exploit this weakness in combination with other issues by embedding a malicious HTML file in an e-mail message with an appropriate extension such as .mid or .wav.
Both Outlook and Outlook Express also store temporary copies of HTML documents sent via e-mail in the user's Temp folder using an .html extension. Again, other vulnerabilities may be used to reference the malicious content directly.
Outlook Express is also alleged to store Address Book files in various predictable locations on the client's file system. While the impact of this differs in nature, the Address Book may also be referenced via exploitation of other vulnerabilities, which could disclose sensitive information to remote attackers.
These issues may present a security risk because many known (and potential) Internet Explorer vulnerabilities depend on the attacker being able to directly reference malicious content on a victim system. Given both the ability to place such content on the file system and reference it specifically by location, exploitation of many browser-based vulnerabilities becomes possible. This would often allow for execution of malicious Active Content in the My Computer Zone.
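An added example (not from the advisory or from Microsoft) that contrasts the storage pattern described above with a hardened one, in Python. The function names, the two-entry type allowlist and the sample bytes are assumptions made for illustration.

```python
import ntpath
import os
import secrets
import tempfile

# Assumed allowlist for illustration: extension -> check on the leading bytes.
SOUND_TYPES = {
    ".mid": lambda d: d[:4] == b"MThd",
    ".wav": lambda d: d[:4] == b"RIFF" and d[8:12] == b"WAVE",
}

def predictable_path(temp_dir, sender_name):
    # The reported pattern: <Temp>/[filename].[ext], both parts chosen by the
    # sender, so the sender knows the full path in advance.
    return os.path.join(temp_dir, ntpath.basename(sender_name))

def store_embedded_sound(temp_dir, sender_name, data):
    # Hardened variant: the sender's name only selects an allowlisted type,
    # and the content must actually be that type (HTML named .mid is refused).
    ext = ntpath.splitext(sender_name)[1].lower()
    check = SOUND_TYPES.get(ext)
    if check is None or not check(data):
        raise ValueError("embedded file is not an allowed sound type")
    # Random private directory plus random file name, so the full path
    # cannot be guessed in advance.
    private_dir = tempfile.mkdtemp(prefix="snd-", dir=temp_dir)
    path = os.path.join(private_dir, secrets.token_hex(16) + ext)
    # O_EXCL refuses to reuse anything already present at that path.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path

if __name__ == "__main__":
    html_as_midi = b"<html><body>constructed sample</body></html>"
    real_midi = b"MThd\x00\x00\x00\x06\x00\x00\x00\x01\x00\x60"  # constructed header
    with tempfile.TemporaryDirectory() as tmp:
        print("predictable:", predictable_path(tmp, "tune.mid"))
        print("hardened:   ", store_embedded_sound(tmp, "tune.mid", real_midi))
        try:
            store_embedded_sound(tmp, "tune.mid", html_as_midi)
        except ValueError as exc:
            print("refused:    ", exc)
```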
Affected Products:
- Microsoft Internet Explorer 5.0.1
- Microsoft Internet Explorer 5.0.1 for Windows 2000
- Microsoft Internet Explorer 5.0.1 for Windows 95
- Microsoft Internet Explorer 5.0.1 for Windows 98
- Microsoft Internet Explorer 5.0.1 for Windows NT 4.0
- Microsoft Internet Explorer 5.5
- Microsoft Office 2000 SP3
- Microsoft Office XP
- Microsoft Office XP SP2
- Microsoft Outlook 2000 0.0.0
- Microsoft Outlook 2000 0.0.0 SP2
- Microsoft Outlook 2000 0.0.0 SP3
- Microsoft Outlook 2002 0.0.0
- Microsoft Outlook 2002 0.0.0 SP1
- Microsoft Outlook 2002 0.0.0 SP2
- Microsoft Outlook 2003 0.0.0
- Microsoft Outlook Express 4.0.0
- Microsoft Outlook Express 4.0.01 SP2
- Microsoft Outlook Express 4.27.3110
- Microsoft Outlook Express 4.72.2106
- Microsoft Outlook Express 4.72.3120
- Microsoft Outlook Express 4.72.3612
- Microsoft Outlook Express 5.0.0
- Microsoft Outlook Express 5.0.01
- Microsoft Outlook Express 5.5.0
- Microsoft Outlook Express 6.0
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows Server 2003 Datacenter Edition Itanium
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Enterprise Edition Itanium
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Web Edition
- Microsoft Windows XP Home
- Microsoft Windows XP Media Center Edition
- Microsoft Windows XP Professional
- Microsoft Windows XP Tablet PC Edition
References:
- Microsoft: Outlook E-Mail Security Update
- Microsoft: Technet Security