SMTP: Outlook VML Overflow
This signature detects attempts to exploit a known vulnerability in Microsoft Outlook. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application.
Extended Description
Microsoft Internet Explorer is prone to a buffer-overflow vulnerability that arises because of an error in the processing of Vector Markup Language documents. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. The method currently used to exploit this issue will typically terminate Internet Explorer. This vulnerability is currently being exploited in the wild as 'Trojan.Vimalov'. This vulnerability affects Internet Explorer version 6.0 on a fully patched system. Previous versions may also be affected. Update: Microsoft Outlook 2003 is also an attack vector for this issue, since it uses Internet Explorer to render HTML email. Reportedly, attacks are possible even when active scripting has been disabled for email viewing.
Affected Products
Avaya s8100_media_servers,Microsoft windows_xp_media_center_edition
Short Name
SMTP:OUTLOOK:VML-BOF
Severity
Minor
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
CVE-2006-3866 Outlook Overflow VML bid:20096
Release Date
09/26/2006
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Microsoft
Avaya