SMTP: Double MIME Filename Extension

This signature detects a double filename extension in different parts of an e-mail message. Double extensions can be used to bypass some filtering systems by allowing harmful content to be considered legitimate. Successful exploitation could result in remote code execution. To provide protection against the base64-encoded version, change "sc_mime_parse_cnt_length" to at least 256 bytes, and preferably 512 bytes.
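The check described above can be reproduced offline against stored mail. The following is an added example, not the signature's own logic or vendor code. It inspects the `filename` and `name` parameters of every MIME part and also decodes RFC 2047 encoded-word filenames, which goes beyond what the description states. The extension list, function names and sample message are assumptions constructed for illustration.

```python
import email
from email.errors import HeaderParseError
from email.header import decode_header, make_header
from email.utils import collapse_rfc2231_value
from pathlib import PurePosixPath

# Assumption: final extensions this example treats as executable content.
RISKY_FINAL_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".lnk"}

def decode_name(value):
    """Collapse RFC 2231 values and decode RFC 2047 encoded-words (B or Q)."""
    raw = collapse_rfc2231_value(value)
    try:
        return str(make_header(decode_header(raw)))
    except (HeaderParseError, LookupError, UnicodeError):
        return raw  # undecodable: fall back to inspecting the raw value

def has_double_extension(name):
    # Trailing dots and spaces are ignored so they cannot hide the real suffix.
    suffixes = PurePosixPath(name.strip().rstrip(". ").lower()).suffixes
    return len(suffixes) >= 2 and suffixes[-1] in RISKY_FINAL_EXT

def find_double_extensions(raw_message):
    """Return (header, decoded filename) for each MIME part that trips the check."""
    hits = []
    for part in email.message_from_bytes(raw_message).walk():
        for header, param in (("Content-Disposition", "filename"), ("Content-Type", "name")):
            value = part.get_param(param, header=header)
            if value is not None:
                name = decode_name(value)
                if has_double_extension(name):
                    hits.append((header, name))
    return hits

# Constructed sample message: two suspicious parts and one benign archive.
SAMPLE = (
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="B"\r\n\r\n'
    b'--B\r\nContent-Type: application/octet-stream; name="invoice.pdf.exe"\r\n\r\nx\r\n'
    b"--B\r\nContent-Disposition: attachment;"
    b' filename="=?utf-8?B?cmVwb3J0LmRvYy5zY3I=?="\r\n\r\nx\r\n'
    b'--B\r\nContent-Disposition: attachment; filename="archive.tar.gz"\r\n\r\nx\r\n'
    b"--B--\r\n"
)

if __name__ == "__main__":
    for header, name in find_double_extensions(SAMPLE):
        print(f"double extension in {header}: {name}")
```

Benign multi-suffix names such as `archive.tar.gz` are not flagged because only the final extension is compared against the list.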

Extended Description

Microsoft Outlook is prone to a remote code-execution vulnerability because it fails to properly verify attachments. Attackers can exploit this issue by enticing an unsuspecting user into opening a specially crafted email attachment. Successfully exploiting this issue will allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition.

Affected Products

Microsoft outlook_2003

Short Name: SMTP:EXT:DOUBLE-EXTENSION-MIME
Severity: Major
Recommended: False
Recommended Action: None
Category: SMTP
Keywords: CVE-2010-0266 Double Extension Filename MIME bid:41446
Release Date: 07/13/2010

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3336
False Positive: Unknown

Vendors

Microsoft

CVSS Score

9.3
