|
Outlook Express MHTML URL Handler Vulnerability
|
|
Secunia Advisory:
|
SA8648
|
|
|
Release Date:
|
2003-04-23
|
|
Popularity:
|
7,713 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Exposure of system information
Exposure of sensitive information
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Microsoft Outlook Express 5.5
Microsoft Outlook Express 6
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2002-0980
|
|
Description:
Microsoft has issued a patch for an older vulnerability in Outlook Express, which can be exploited by malicious people to perform certain actions on a user's system.
The vulnerability is caused by an error in the MHTML URL handler, which makes it possible to render any file as if it was a HTML file. Script code can therefore be included in a file and executed in the "Local Computer" zone on a user's system.
A malicious person can exploit this by constructing an URL referencing a speciel text file and include this in a MHTML document. This can either be sent directly to a user or hosted on a website. A web-based attack scenario is possible because Internet Explorer uses the vulnerable MHTML functionality implemented in Outlook Express.
Successful exploitation can automatically launch executables already present on the user's system or read arbitrary files. However, this is not possible in an email-borne attack scenario if the user is viewing the email in Outlook Express 6.0 or Outlook 2002 in their default configurations, or Outlook 98 or Outlook 2000 in conjunction with the Outlook Email Security Update.
Solution:
Apply patch manually or via Windows Update:
http://www.microsoft.com/windows/ie/downloads/critical/330994/default.asp
Provided and/or discovered by:
http-equiv
Original Advisory:
http://www.microsoft.com/technet/security/bulletin/MS03-014.asp
Other References:
http://marc.theaimsgroup.com/?l=ntbugtraq&m=102937705527922&q=raw
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
