Vulnerability Note VU#208052
Microsoft Internet Explorer and Outlook Express MHTML rendering engine incorrectly executes script in Local Computer Zone
Overview
There is an MHTML input validation vulnerability in Outlook Express that may lead to arbitrary command and code execution in the Local Computer Zone of a victim host.
Description
Microsoft systems use components of Microsoft Outlook Express to render MHTML (MIME Encapsulation of Aggregate HTML) when viewing files. Internet Explorer also relies on the MHTML rendering engine in Outlook Express when displaying web pages. The MHTML rendering engine in Outlook Express does not validate the type of file being processed. This may lead to web script executing in the Local Computer Zone, which may give remote attackers control of victim systems. |
Impact
By exploiting this vulnerability, an attacker may be able to launch programs on a victim's computer in the Local Computer Zone. If an attacker can guess, discover, or know the file path of programs already installed on a victim computer, he may be able to execute arbitrary commands. Additionally, if an attacker can access files he may have downloaded to a victim system, he would be able to execute arbitrary code. |
Solution
Apply patches for Outlook Express found in MS03-014. |
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Microsoft Corporation | Vulnerable | - | 12 Aug 2003 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://www.cert.org/incident_notes/IN-2003-02.html">http://www.cert.org/incident_notes/IN-2003-02.html
- http://www.microsoft.com/technet/security/bulletin/MS03-014.asp
- http://support.microsoft.com/?id=330994
- http://www.microsoft.com/technet/security/bulletin/MS03-004.asp
- http://www.securityfocus.com/bid/5473
- http://www.securityfocus.com/bid/6961
- http://www.microsoft.com/windows/ie/downloads/critical/330994/default.asp
Credit
http-equiv@malware.com has been acknowledged as the discoverer of this vulnerability.
This document was written by Jeffrey S. Havrilla.
Other Information
- CVE IDs: CAN-2002-0980
- Date Public: 01 May 2003
- Date First Published: 01 Aug 2003
- Date Last Updated: 12 Aug 2003
- Severity Metric: 37.80
- Document Revision: 16
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify
