Microsoft Outlook Predictable File Caching

2004-05-09T06:56:01
ID OSVDB:5998
Type osvdb
Reporter http-equiv (http-equiv@excite.com)
Modified 2004-05-09T06:56:01

Description

Vulnerability Description

Outlook 2003 contains a flaw that may allow a malicious user to place potentially malicious content in a predictable location on the target's computer. The issue is triggered when malicious content is included in an <img> tag. This allows a cross-domain violation: code on a remote web page can then open files on the local computer and execute arbitrary code with user-level privileges, resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

<img src="malware.htm" style="display:none">
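A mail-filtering check built on the test note above, added here as an example and not part of the original advisory: it flags <img> tags in an HTML message body whose source is not an image file or that are hidden by inline style. The extension allow-list, the style heuristic, the function names and the sample body are assumptions made for illustration.

```python
import posixpath
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: extensions a mail client should expect behind <img src>.
IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".bmp", ".webp", ".ico"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

# Constructed sample body; the second tag is the advisory's test note.
SAMPLE = """<html><body>
<img src="logo.png" width="120" height="40">
<img src="malware.htm" style="display:none">
<IMG SRC="cid:part1.0001@example.invalid">
</body></html>"""


class ImgAudit(HTMLParser):
    """Collects <img> tags whose source is not an image or that are hidden."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        reasons = []
        # Inline attachments (cid:) and embedded images carry no extension.
        if not src.lower().startswith(("cid:", "data:image/")):
            try:
                ext = posixpath.splitext(urlsplit(src).path)[1].lower()
            except ValueError:  # malformed URL: treat as not an image
                ext = ""
            if ext not in IMAGE_EXTS:
                reasons.append("non-image source (%s)" % (ext or "no extension"))
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by style")
        if reasons:
            self.findings.append((src, reasons))


def audit_html(body):
    """Return [(src, [reasons])] for every suspicious <img> in an HTML body."""
    parser = ImgAudit()
    parser.feed(body)
    parser.close()
    return parser.findings
```

A hidden image alone is common in legitimate mail (tracking pixels), so the combination of a non-image source and a hidden style is the stronger signal.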

References:

Vendor URL: http://office.microsoft.com/home/office.aspx?assetid=FX01085793&CTT=6&Origin=ES790020011033
Secunia Advisory ID: 11572
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0389.html
Mail List Post: http://www.techsupportforum.com/computer/topic/17010-1.html
Mail List Post: http://archives.neohapsis.com/archives/secunia/2004-q2/0304.html
Mail List Post: http://www.coding-network.net/modules.php?name=News&file=article&sid=233
ISS X-Force ID: 16104
CVE-2004-0502
Bugtraq ID: 10307