POP3: Microsoft Outlook Express MHTML URL Arbitrary Code Execution
This signature detects attempts to exploit a known vulnerability against Microsoft Outlook Express. Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 are vulnerable. A successful attack could allow the attacker to execute arbitrary code on the affected system.
Extended Description
A vulnerability has been discovered in Microsoft Outlook Express when handling MHTML file and res URIs that could lead to an unexpected file being downloaded and executed. The problem occurs due to the component failing to securely handle MHTML file URIs that reference a non-existent resource. The affected Outlook Express component is used by Microsoft Internet Explorer. As a result, a victim browser user may inadvertently access a page designed to load an embedded object from a malicious location. This would effectively result in the execution of attacker-supplied code within the Local Zone. The vulnerability is present even if Microsoft Outlook has been removed as the default email client. According to Microsoft, Microsoft Internet Explorer on Windows Server 2003 is prone to attacks despite its specialized configuration. Microsoft Windows platforms running Microsoft Outlook Express 5.5SP2, 6.0, and 6.0SP1 are reported by the vendor to be affected though the issue may also be present in earlier versions of Microsoft Outlook Express.
Affected Products
Avaya s8100_media_servers,Microsoft windows_2000_server
Short Name
POP3:MS-OUTLOOK-EXP-MHTML-CE
Severity
Major
Recommended
False
Recommended Action
None
Category
POP3
Keywords
Arbitrary CVE-2004-0380 Code Execution Express MHTML Microsoft Outlook URL bid:9105
Release Date
12/21/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Microsoft
Avaya
CVSS Score
10.0