SMTP: MS-Outlook: Object Tag in HTML Email
This signature detects emails sent via SMTP that contain HTTP OBJECT tags in the HTML portion. Microsoft Outlook and Microsoft Word contain known vulnerabilities that handle security zones incorrectly, enabling attackers to download arbitrary data onto a target computer. The email messages detected by this signature could be malicious.
Extended Description
Microsoft Outlook when configured to employ Microsoft Word as an email editor, is reported prone to a security setting compromise vulnerability. It is reported that under certain circumstances, when an HTML email is received and said email message contains an OBJECT tag that is not closed, the URI that the OBJECT tag points to will be rendered in the Microsoft Outlook window when the email message is forwarded.
Affected Products
Microsoft word_2003
Short Name
SMTP:OUTLOOK:OBJECT-TAG
Severity
Minor
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
CVE-2004-2482 Email HTML MS-Outlook: Object Tag bid:10683 in
Release Date
08/26/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Rarely
Vendors
Microsoft
CVSS Score
5.0