Signature Detail

Short Name	SMTP:OUTLOOK:DHTML-HANDLER-RACE
Severity	Medium
Recommended	No
Category	SMTP
Keywords	microsoft outlook internet explorer
Release Date	2005/06/22
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

SMTP: DHTML Object Handling Race Condition

This signature detects e-mail containing a malicious HTML document. Attackers can create a malicious HTML formatted e-mail that exploits a race condition vulnerability in Microsoft Outlook.

Extended Description

A vulnerability in Microsoft Internet Explorer may allow remote attackers to execute arbitrary code in the context of users visiting malicious Web sites. This issue presents itself the affected application attempts to process certain script objects, a race condition may lead to the execution of attacker-supplied code.

Affected Products

Microsoft Internet Explorer 5.0.1
Microsoft Internet Explorer 5.0.1 SP1
Microsoft Internet Explorer 5.0.1 SP2
Microsoft Internet Explorer 5.0.1 SP3
Microsoft Internet Explorer 5.0.1 SP4
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 5.5 SP1
Microsoft Internet Explorer 5.5 SP2
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 6.0 SP1

References

BugTraq: 13120
CVE: CVE-2005-0553
URL: http://www.frsirt.com/exploits/20050412.InternetExploiter2.php
URL: http://www.microsoft.com/technet/security/Bulletin/MS05-020.mspx

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

SMTP: DHTML Object Handling Race Condition

Extended Description

Affected Products

References