|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA11629] Microsoft Outlook RTF Embedded OLE Object Security Bypass
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Tue May 18 2004 - 05:51:34 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
Microsoft Outlook RTF Embedded OLE Object Security Bypass
SECUNIA ADVISORY ID:
SA11629
VERIFY ADVISORY:
http://secunia.com/advisories/11629/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass
WHERE:
From remote
SOFTWARE:
Microsoft Outlook 2003
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Professional Edition
DESCRIPTION:
http-equiv has reported a vulnerability in Microsoft Outlook 2003,
allowing malicious people to perform illegal actions through emails.
Microsoft Outlook 2003 is supposed to protect the user by opening
mails in the restricted security zone, thereby preventing the use of
active scripting, download of files and more.
However, it is possible to bypass the security settings by embedding
an OLE Object with reference to a Windows media file in a Rich Text
Format (RTF) message. This can be exploited to start a download
sequence of arbitrary files, which in turn causes Internet Explorer
to prompt the user whether to download the file. However, combined
with SA11572 "Predictable File Location Weakness", it is reportedly
possible to launch the file without any warning.
This has been reported to affect Microsoft Outlook 2003. Other
versions may also be affected, however, they do not promise to
protect the user in the same way.
SOLUTION:
Filter HTML and RTF messages.
Use another product.
PROVIDED AND/OR DISCOVERED BY:
http-equiv
OTHER REFERENCES:
SA11572:
http://secunia.com/advisories/11572/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]