vendor: Outlook Express
by: SecurityFocus
CVSS: 7.5 HIGH
Buffer Overflow
CWE: 119
Product Name: Outlook Express
Affected Version From: Microsoft Outlook Express 5.5SP2
Affected Version To: Microsoft Outlook Express 6.0SP1
Patch Exists: YES
Related CWE: CVE-2003-0352
CPE: a:microsoft:outlook_express
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2003
Microsoft Outlook Express MHTML File and res URI Vulnerability
A vulnerability has been discovered in Microsoft Outlook Express when handling MHTML file and res URIs that could lead to an unexpected file being downloaded and executed. The problem occurs due to the component failing to securely handle MHTML file URIs that reference a non-existent resource. The affected Outlook Express component is used by Microsoft Internet Explorer. As a result, a victim browser user may inadvertently access a page designed to load an embedded object from a malicious location. This would effectively result in the execution of attacker-supplied code within the Local Zone.
Mitigation:
Microsoft has released a patch to address this issue.