CERTVU:208052Microsoft Internet Explorer and Outlook Express MHTML rendering engine incorrectly executes script in Local Computer Zone
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.747 High
EPSS
Percentile
98.2%
Overview
There is an MHTML input validation vulnerability in Outlook Express that may lead to arbitrary command and code execution in the Local Computer Zone of a victim host.
Description
Microsoft systems use components of Microsoft Outlook Express to render MHTML (MIME Encapsulation of Aggregate HTML) when viewing files. Internet Explorer also relies on the MHTML rendering engine in Outlook Express when displaying web pages.
The MHTML rendering engine in Outlook Express does not validate the type of file being processed. This may lead to web script executing in the Local Computer Zone, which may give remote attackers control of victim systems.
Microsoft has released patches to resolve this issue in Microsoft Security Bulletin MS03-014, _Cumulative Patch for Outlook Express (330994)._Microsoft also reports that if the patches for MS03-004 have already been applied, only files already present on a target system may be executed.
Impact
By exploiting this vulnerability, an attacker may be able to launch programs on a victim’s computer in the Local Computer Zone. If an attacker can guess, discover, or know the file path of programs already installed on a victim computer, he may be able to execute arbitrary commands. Additionally, if an attacker can access files he may have downloaded to a victim system, he would be able to execute arbitrary code.
Solution
Apply patches for Outlook Express found in MS03-014.
Vendor Information
208052
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Microsoft Corporation __ Affected
Updated: August 01, 2003
Status
Affected
Vendor Statement
Please see MS03-014, Cumulative Patch for Outlook Express (330994):
<http://www.microsoft.com/technet/security/bulletin/MS03-014.asp>
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time. Please see VU#208052 for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23208052 Feedback>).
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- <http://www.microsoft.com/technet/security/bulletin/MS03-014.asp>
- <http://support.microsoft.com/?id=330994>
- <http://www.microsoft.com/technet/security/bulletin/MS03-004.asp>
- <http://www.securityfocus.com/bid/5473>
- <http://www.securityfocus.com/bid/6961>
- <http://www.microsoft.com/windows/ie/downloads/critical/330994/default.asp>
Acknowledgements
[email protected] has been acknowledged as the discoverer of this vulnerability.
This document was written by Jeffrey S. Havrilla.
Other Information
| CVE IDs: | CVE-2002-0980 |
|---|---|
| Severity Metric: | 37.80 Date Public: |
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.747 High
EPSS
Percentile
98.2%