SMTP: MS-Outlook: Object Tag with XML Exploit

This signature detects attempts to exploit a known vulnerability in Microsoft Outlook and Outlook Express. Attackers can embed malicious object tags in a script included with an e-mail; due to a known vulnerability in handling object tags with XML data, Outlook and Outlook Express process the script when the e-mail appears in the preview pane (the e-mail does not need to be opened). A successful attack can allow arbitrary code execution with the current user permissions.

Extended Description

Internet Explorer does not properly handle object types, when rendering XML based web sites. This may result in the possibility of the execution of malicious software. The problem occurs when Internet Explorer receives a response from the server when a malicious XML web page containing an embedded object tag is parsed. Successful exploitation of this vulnerability could allow a malicious object to be trusted and as such be installed and executed on the local system. The Mindwarper exploit is actually reported to exploit one of the issues in BID 8577, which has not been addressed by the patches provided in MS03-040.

Affected Products

Microsoft internet_explorer

Short Name
SMTP:OUTLOOK:OBJECT-TAG-XML
Severity
Major
Recommended
False
Recommended Action
Drop
Category
SMTP
Keywords
CVE-2003-0809 Exploit MS-Outlook: Object Tag XML bid:8565 with
Release Date
08/26/2004
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Microsoft

CVSS Score

7.5

Found a potential security threat?