Signature Detail

SMTP: Double MIME Filename Extension

This signature detects the presence of a double filename extension in different parts of an e-mail message. Double extensions can be used to bypass some filtering systems by allowing harmful content to be considered legitimate. Successful exploitation could result in remote code execution. In order to provide protection from the base64 encoded version, change "sc_mime_parse_cnt_length" to at least 256 and preferably 512 bytes.

Extended Description

Microsoft Outlook is prone to a remote code-execution vulnerability because it fails to properly verify attachments. Attackers can exploit this issue by enticing an unsuspecting user into opening a specially crafted email attachment. Successfully exploiting this issue will allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition.

Affected Products

• Microsoft Outlook 2002 SP1
• Microsoft Outlook 2002 SP2
• Microsoft Outlook 2002 SP3
• Microsoft Outlook 2002
• Microsoft Outlook 2003 SP2
• Microsoft Outlook 2003 SP3
• Microsoft Outlook 2003
• Microsoft Outlook 2007
• Microsoft Outlook 2007 SP1
• Microsoft Outlook 2007 SP2

References

• BugTraq: 41446
• CVE: CVE-2010-0266
• URL: http://www.microsoft.com/technet/security/bulletin/MS10-045.mspx