The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Outlook Express: buffer overflow of a MHTML uri

Synthesis of the vulnerability 

An attacker can create a document with a long MHTML URI in order to execute code on the user's computer.
Vulnerable software: OE.
Severity of this announcement: 4/4.
Creation date: 09/08/2006.
References of this computer vulnerability: 920214, BID-18198, CERTA-2006-AVI-341, CVE-2006-2766, MS06-043, VIGILANCE-VUL-6067, VU#891204.

Description of the vulnerability 

The MHTML (MIME HTML) extensions are installed with Outlook Express and then become available to other software, such as Internet Explorer.

However, the length of URIs of the form "mhtml://mid:" is not checked. An attacker can thus trigger a buffer overflow.

This vulnerability therefore allows an attacker to execute code with the privileges of a user who clicks on a link.
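As an added illustration for mail-gateway or content-filter triage (not code from the Vigil@nce or Microsoft bulletins), the following scans an HTML or e-mail body for "mhtml:" URIs and flags those whose length exceeds a threshold; the 256-byte limit, the function names and the sample body are assumptions constructed for this example.

```python
"""Flag over-long MHTML URIs (for example "mhtml://mid:...") in HTML bodies.
The length threshold below is an assumption for illustration, not a value
taken from the MS06-043 bulletin; tune it to local policy."""
import re
from html import unescape

MAX_MHTML_URI_LEN = 256  # assumption: anything longer is reported for review

# Matches an "mhtml:" scheme URI (with or without the "//" authority form)
# up to the first whitespace, quote or angle bracket.
MHTML_URI_RE = re.compile(r"\bmhtml:[^\s\"'<>]+", re.IGNORECASE)


def find_mhtml_uris(body: str) -> list[str]:
    """Return every mhtml: URI found in the HTML-unescaped body."""
    return MHTML_URI_RE.findall(unescape(body))


def suspicious_mhtml_uris(body: str, limit: int = MAX_MHTML_URI_LEN) -> list[dict]:
    """Return one finding per mhtml: URI whose raw length exceeds `limit`."""
    findings = []
    for uri in find_mhtml_uris(body):
        if len(uri) > limit:
            findings.append({
                "uri_prefix": uri[:40],          # enough to identify the link
                "length": len(uri),
                "mid_form": uri.lower().startswith("mhtml://mid:"),
            })
    return findings


# Constructed sample input: one short mhtml: link and one over-long "mid:" link.
SAMPLE_BODY = (
    '<a href="mhtml://mid:abc@example.invalid!x.html">ok</a>'
    '<a href="mhtml://mid:' + "A" * 400 + '">long</a>'
)

if __name__ == "__main__":
    for finding in suspicious_mhtml_uris(SAMPLE_BODY):
        print(finding)
```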

This cybersecurity announcement impacts software or systems such as OE.

Our Vigil@nce team determined that the severity of this threat alert is critical.

The trust level is: confirmed by the vendor, with a document as the origin.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with specialist skills can exploit this vulnerability.

Solutions for this threat 

Outlook Express: patch for MHTML.
A patch is available:
Outlook Express 6 - Windows XP SP2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=c9037cdb-3a57-4db7-aa0d-5ad28730303a
Outlook Express 6 - Windows XP Professional x64
  http://www.microsoft.com/downloads/details.aspx?familyid=71f09617-d3cd-45fb-a09b-a9025c1d3f47
Outlook Express 6 - Windows Server 2003 SP1
  http://www.microsoft.com/downloads/details.aspx?FamilyId=0c7e507f-2a42-49b5-82b2-84a6ec40b895
Outlook Express 6 - Windows Server 2003 SP1 Itanium
  http://www.microsoft.com/downloads/details.aspx?familyid=8f062b1c-7b93-4cb2-835a-b58ba29435f2
Outlook Express 6 - Windows Server 2003 x64 Edition
  http://www.microsoft.com/downloads/details.aspx?FamilyId=2aa6b4d1-a6eb-425b-ab7e-6cc27124a59e
Microsoft's bulletin describes workarounds.

Computer vulnerabilities tracking service 

Vigil@nce provides software vulnerability announcements. Each administrator can customize the list of products for which they want to receive vulnerability alerts.