US-CERT
Vulnerability Notes Database


Vulnerability Note VU#208052

Microsoft Internet Explorer and Outlook Express MHTML rendering engine incorrectly executes script in Local Computer Zone

Overview

There is an MHTML input validation vulnerability in Outlook Express that may lead to arbitrary command and code execution in the Local Computer Zone of a victim host.

I. Description

Microsoft systems use components of Microsoft Outlook Express to render MHTML (MIME Encapsulation of Aggregate HTML) when viewing files. Internet Explorer also relies on the MHTML rendering engine in Outlook Express when displaying web pages.

The MHTML rendering engine in Outlook Express does not validate the type of file being processed. This may lead to web script executing in the Local Computer Zone, which may give remote attackers control of victim systems.

Microsoft has released patches to resolve this issue in Microsoft Security Bulletin MS03-014, Cumulative Patch for Outlook Express (330994). Microsoft also reports that if the patches for MS03-004 have already been applied, only files already present on a target system may be executed.

II. Impact

By exploiting this vulnerability, an attacker may be able to launch programs on a victim's computer in the Local Computer Zone. If an attacker can guess, discover, or know the file path of programs already installed on a victim computer, he may be able to execute arbitrary commands. Additionally, if an attacker can access files he may have downloaded to a victim system, he would be able to execute arbitrary code.

III. Solution

Apply patches for Outlook Express found in MS03-014.

Systems Affected

Vendor    Status    Date Notified    Date Updated
Microsoft Corporation    Vulnerable    1-Aug-2003

References

http://www.cert.org/incident_notes/IN-2003-02.html
http://www.microsoft.com/technet/security/bulletin/MS03-014.asp
http://support.microsoft.com/?id=330994
http://www.microsoft.com/technet/security/bulletin/MS03-004.asp
http://www.securityfocus.com/bid/5473
http://www.securityfocus.com/bid/6961
http://www.microsoft.com/windows/ie/downloads/critical/330994/default.asp

Credit

http-equiv@malware.com has been acknowledged as the discoverer of this vulnerability.

This document was written by Jeffrey S. Havrilla.

Other Information

Date Public: 2003-05-01
Date First Published: 2003-08-01
Date Last Updated: 2003-08-12
CERT Advisory:
CVE-ID(s): CAN-2002-0980
NVD-ID(s): CAN-2002-0980
US-CERT Technical Alerts:
Metric: 37.80
Document Revision: 16

Copyright 2003 Carnegie Mellon University