Signature Detail

SMTP: Outlook Express Management Console Access

This signature detects attempts to exploit a known vulnerability against Microsoft Outlook Express. Versions that rely on Internet Explorer 6.0 Service Pack 1 and earlier are vulnerable. Attackers can cause remote code to be executed by accessing the Management Console DLL.

Extended Description

Microsoft Management Console (MMC) is prone to a cross-zone scripting vulnerability because the operating system fails to properly restrict access to MMC components, allowing the MMC files to be referenced from the Internet Zone in some cases. Exploiting this vulnerability could let an attacker execute arbitrary code, completely compromising the computer.

Affected Products

• Microsoft Windows 2000 Advanced Server SP1
• Microsoft Windows 2000 Advanced Server SP2
• Microsoft Windows 2000 Advanced Server SP3
• Microsoft Windows 2000 Advanced Server SP4
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Datacenter Server SP1
• Microsoft Windows 2000 Datacenter Server SP2
• Microsoft Windows 2000 Datacenter Server SP3
• Microsoft Windows 2000 Datacenter Server SP4
• Microsoft Windows 2000 Datacenter Server
• Microsoft Windows 2000 Professional SP1
• Microsoft Windows 2000 Professional SP2
• Microsoft Windows 2000 Professional SP3
• Microsoft Windows 2000 Professional SP4
• Microsoft Windows 2000 Professional
• Microsoft Windows 2000 Server SP1
• Microsoft Windows 2000 Server SP2
• Microsoft Windows 2000 Server SP3
• Microsoft Windows 2000 Server SP4
• Microsoft Windows 2000 Server
• Nortel Networks MCS5100 - Sun Platform
• Nortel Networks Self-Service MPS 100
• Nortel Networks Self-Service MPS 1000
• Nortel Networks Self-Service MPS 500
• Nortel Networks Self-Service Peri Application
• Nortel Networks Self-Service Speech Server

References

• BugTraq: 19417
• CVE: CVE-2006-3643
• URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3642
• URL: http://www.microsoft.com/technet/security/bulletin/MS06-044.mspx