SMTP: Internet Explorer Malformed Name Buffer Overflow
This signature detects a HTML e-mail message containing a maliciously crafted tag with an overly long "name" parameters. Attackers can send an e-mail with these malicious tags in order to exploit a vulnerability in the HTML rendering code of the mail reader, leading to remote code execution.
Extended Description
Microsoft Internet Explorer is reported prone to a remote buffer overflow vulnerability. This issue presents itself due to insufficient boundary checks performed by the application and results in arbitrary code execution or a denial of service. This issue does not affect the following Internet Explorer 6 versions: - Internet Explorer 6 for Windows Server 2003 - Internet Explorer 6 for Windows Server 2003 64-Bit Edition and Windows XP 64-Bit Edition Version 2003 - Internet Explorer 6 for Windows XP Service Pack 2
Affected Products
Avaya s8100_media_servers,Avaya modular_messaging
References
BugTraq: 11515
CVE: CVE-2004-1050
URL: http://www.microsoft.com/technet/security/bulletin/MS04-040.mspx
Short Name
SMTP:OUTLOOK:HTML-NAME-OF
Severity
Major
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
Buffer CVE-2004-1050 Explorer Internet Malformed Name Overflow bid:11515
Release Date
11/09/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Avaya
Microsoft
CVSS Score
10.0