Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 SMTP:OUTLOOK:OBJECT-TAG

Severity

 Medium

Recommended

 No

Category

 SMTP

Keywords

 MS-Outlook: Object Tag in HTML Email

Release Date

 2004/08/25

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

SMTP: MS-Outlook: Object Tag in HTML Email


This signature detects emails sent via SMTP that contain HTTP OBJECT tags in the HTML portion. Microsoft Outlook and Microsoft Word contain known vulnerabilities that handle security zones incorrectly, enabling attackers to download arbitrary data onto a target computer. The email messages detected by this signature could be malicious.

Extended Description

Microsoft Outlook when configured to employ Microsoft Word as an email editor, is reported prone to a security setting compromise vulnerability. It is reported that under certain circumstances, when an HTML email is received and said email message contains an OBJECT tag that is not closed, the URI that the OBJECT tag points to will be rendered in the Microsoft Outlook window when the email message is forwarded.

Affected Products

  • Microsoft Outlook 2000 SP2
  • Microsoft Outlook 2000 SP3
  • Microsoft Outlook 2000 SR1
  • Microsoft Outlook 2000
  • Microsoft Outlook 2003
  • Microsoft Word 2000 SP2
  • Microsoft Word 2000 SP3
  • Microsoft Word 2000 SR1
  • Microsoft Word 2000 Sr1a
  • Microsoft Word 2000
  • Microsoft Word 2003

References

  • BugTraq: 10683
  • CVE: CVE-2004-2482

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out