SMTP: Outlook Express Management Console Access
This signature detects attempts to exploit a known vulnerability against Microsoft Outlook Express. Versions that rely on Internet Explorer 6.0 Service Pack 1 and earlier are vulnerable. Attackers can cause remote code to be executed by accessing the Management Console DLL.
Extended Description
Microsoft Management Console (MMC) is prone to a cross-zone scripting vulnerability because the operating system fails to properly restrict access to MMC components, allowing the MMC files to be referenced from the Internet Zone in some cases. Exploiting this vulnerability could let an attacker execute arbitrary code, completely compromising the computer.
Affected Products
Nortel_networks self-service_mps_1000,Microsoft windows_2000_server
Short Name
SMTP:OUTLOOK:MMCN-EXEC
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
SMTP
Keywords
Access CVE-2006-3643 Console Express Management Outlook bid:19417
Release Date
08/08/2006
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Nortel_networks
Microsoft
CVSS Score
6.0