Signature Detail

SMTP: Microsoft Outlook Express Certificate Overflow

This signature detects attempts to exploit a known vulnerability against Microsoft Outlook Express, which ships with Internet Explorer 5.5. Attackers can send a maliciously crafted email to a host; if the host opens the email in Outlook Express, attackers can execute arbitrary code on the host.

Extended Description

Microsoft Outlook Express contains an unchecked buffer in the code that generates warning messages when certain error conditions associated with digital signatures are encountered. Execution of arbitrary code in the security context of the current user is possible. Microsoft has verified that this vulnerability exists in Outlook Express 5.5 and 6.0. Earlier versions may be affected, however, they are no longer supported by Microsoft.

Affected Products

• Microsoft Outlook Express 5.5
• Microsoft Outlook Express 6.0

References

• BugTraq: 5944
• CVE: CVE-2002-1179
• URL: http://www.securiteam.com/exploits/5GP0O2K8UO.html
• URL: http://www.microsoft.com/technet/security/Bulletin/MS02-058.mspx
• URL: http://www.securiteam.com/windowsntfocus/6D00B005PU.html