HTTP: Microsoft Outlook Mailto Command Execution

This signature detects attempts to exploit a known vulnerability in Microsoft Outlook. A successful attack can lead to arbitrary code execution.

Extended Description

Microsoft Outlook is prone to a vulnerability that may permit execution of arbitrary code on client systems. The issue is exposed through Outlook, but will reportedly cause Internet Explorer to load malicious content in the Local Zone. It is related to how the software handles mailto URIs and may be exploited from a malicious web page or through HTML e-mail. The issue permits a remote attacker to influence how Outlook is invoked via mailto URIs, allowing execution of malicious scripting in the Local Zone through an attacker-specified Outlook profile parameter.

It was initially reported that exploitation of this issue depends on the Outlook Today page being the default folder homepage. Additional details have since been made available indicating that, where this is not the default page, it is possible to use two mailto URIs to exploit the issue. The first URI would display the Outlook Today view and the second would include an embedded JavaScript URI.

Affected Products

Microsoft office_xp

Short Name
HTTP:STC:OUTLOOK:MAILTO-QUOT-CE
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2004-0121 Command Execution Mailto Microsoft Outlook bid:9827
Release Date
03/11/2004
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Microsoft

CVSS Score

7.5
