Signature Detail

HTTP: Microsoft Outlook Recipient ActiveX Control Access

This signature detects attempts to use unsafe ActiveX controls against Microsoft Outlook Recipient. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

The Microsoft Office Outlook Recipient Control is prone to a denial-of-service vulnerability. An attacker can exploit this issue to trigger denial-of-service conditions in Internet Explorer or other applications that use the ActiveX control. Specific information regarding affected packages is currently unavailable. This BID will be updated as more information becomes available.

Affected Products

• Microsoft Office 2000 SP1
• Microsoft Office 2000 SP2
• Microsoft Office 2000 SP3
• Microsoft Office 2000
• Microsoft Office 2000 Chinese Version
• Microsoft Office 2000 Japanese Version
• Microsoft Office 2000 Korean Version
• Microsoft Office 2002
• Microsoft Office 2003 SP1
• Microsoft Office 2003 SP2
• Microsoft Office 2003 SP3
• Microsoft Office 2003
• Microsoft Office 97
• Microsoft Office 97 Chinese Version
• Microsoft Office 97 Japanese Version
• Microsoft Office 97 Korean Version
• Microsoft Office 98 For Mac
• Microsoft Office XP SP1
• Microsoft Office XP SP2
• Microsoft Office XP SP3
• Microsoft Office XP
• Microsoft Outlook 2000 SP2
• Microsoft Outlook 2000 SP3
• Microsoft Outlook 2000 SR1
• Microsoft Outlook 2000
• Microsoft Outlook 2002 SP1
• Microsoft Outlook 2002 SP2
• Microsoft Outlook 2002 SP3
• Microsoft Outlook 2002
• Microsoft Outlook 2003
• Microsoft Outlook 97
• Microsoft Outlook 98
• Microsoft Outlook XP

References

• BugTraq: 21649
• CVE: CVE-2006-6659