SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (E-mail Client)  >  Microsoft Outlook Express Vendors:  Microsoft
(Vendor Issues Fix for Outlook Express) Microsoft Internet Explorer Security Domain Flaw in Accessing CHM Files Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1009755
SecurityTracker URL:  http://securitytracker.com/id?1009755
CVE Reference:  CAN-2004-0380   (Links to External Site)
Date:  Apr 13 2004
Impact:  Execution of arbitrary code via network, User access via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): 5.5, 6
Description:  A cross-domain security vulnerability was reported in Microsoft Internet Explorer in the processing of CHM compiled help files via the ms-its and related protocol handlers. A remote user can execute arbitrary code on the target user's system. Microsoft Outlook Express is affected.

It is reported that the 'ms-its', 'ms-itss', 'its', and 'mk:@MSITStore' protocol handlers do not properly do not properly determine the appropriate security domain when accessing MIME-encapsulated HTML files (MHTML files) within CHM files. A remote user can create HTML that, when loaded by the target user, will run scripting code in the Local Computer security zone. This permits arbitrary code execution.

The malicious HTML can attempt to access an HTML file within a local MHTML file that does not exist. This reportedly will cause Internet Explorer to attempt to access the file from a remote location but incorrectly execute the file in the Local Computer security zone.

It is reported that any application that uses the WebBrowser ActiveX control or the Internet Explorer HTML rendering engine (MSHTML) may be vulnerable (for example, Outlook and Outlook Express are affected).

Thor Larholm is credited by K-OTik Security with reporting this flaw.
Impact:  A remote user can execute arbitrary code on the target user's system.
Solution:  The following patches are available:

Microsoft Outlook Express 5.5 SP2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=88D8F9DC-589A-4CE5-BB04-CCEDCB8ADDBA &displaylang=en

Microsoft Outlook Express 6:

http://www.microsoft.com/downloads/details.aspx?FamilyId=DCEB332E-CAE4-4743-B6AB-EDC1CD625AE0&displaylang=en

Microso ft Outlook Express 6 SP1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=925628BD-1B5F-4B21-8DB6-EDE1C73F97B5&displaylang=en

Microsoft Outlook Express 6 SP1 (64 bit Edition):

http://www.microsoft.com/downloads/details.aspx?FamilyId=DEDBA3EA-05EC-45AF-8795-5F785D83CA77&displaylang=en

Microsoft Outlook Express 6 on Windows Server 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=1C44FB27-6A9D-42AE-8E06-3ADBB7896BCD&displaylang=en

Microsoft Outlook Express 6 on Windows Server 2003 (64 bit edition):

http://www.microsoft.com/downloads/details.aspx?FamilyId=C765E4F3-19A4-45CF-BE99-28C136B14E30&displaylang=en

This bulletin supercedes MS03-014.
Vendor URL:  www.microsoft.com/technet/security/bulletin/ms04-013.mspx (Links to External Site)
Cause:  Access control error
Underlying OS:  Windows (NT), Windows (2000), Windows (2003), Windows (XP)

Message History:   This archive entry is a follow-up to the message listed below.
Apr 7 2004 Microsoft Internet Explorer Security Domain Flaw in Accessing CHM Files Lets Remote Users Execute Arbitrary Code


 Source Message Contents
Date:  Tue, 13 Apr 2004 15:42:45 -0400
Subject:  MS04-013

 

http://www.microsoft.com/technet/security/bulletin/ms04-013.mspx

 > Microsoft Security Bulletin MS04-013
 > Cumulative Security Update for Outlook Express (837009)

 > Issued: April 13, 2004

 > Maximum Severity Rating: Critical

Microsoft issued a cumulative patch for Outlook Express.  The patch includes a fix for the 
MHTML URL Processing Vulnerability (CAN-2004-0380).

Outlook Express versions 5.5 and 6 are affected on Windows NT 4.0, 2000, XP, and 2003.

Microsoft has assigned a maximum severity rating of 'Critical' to this vulnerability.

The following patches are available:

Microsoft Outlook Express 5.5 SP2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=88D8F9DC-589A-4CE5-BB04-CCEDCB8ADDBA&dis
playlang=en

Microsoft Outlook Express 6:

http://www.microsoft.com/downloads/details.aspx?FamilyId=DCEB332E-CAE4-4743-B6AB-EDC1CD625AE0&dis
playlang=en

Microsoft Outlook Express 6 SP1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=925628BD-1B5F-4B21-8DB6-EDE1C73F97B5&dis
playlang=en

Microsoft Outlook Express 6 SP1 (64 bit Edition):

http://www.microsoft.com/downloads/details.aspx?FamilyId=DEDBA3EA-05EC-45AF-8795-5F785D83CA77&dis
playlang=en

Microsoft Outlook Express 6 on Windows Server 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=1C44FB27-6A9D-42AE-8E06-3ADBB7896BCD&dis
playlang=en

Microsoft Outlook Express 6 on Windows Server 2003 (64 bit edition):

http://www.microsoft.com/downloads/details.aspx?FamilyId=C765E4F3-19A4-45CF-BE99-28C136B14E30&dis
playlang=en


This bulletin supercedes MS03-014.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2005, SecurityGlobal.net LLC