Exploit Microsoft Outlook Express 6.0 - '.MHTML' Forced File Execution (1)

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
23400
Проверка EDB
  1. Пройдено
Автор
LIU DIE
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2004-0380
Дата публикации
2003-11-25
Код:
source: https://www.securityfocus.com/bid/9105/info

A vulnerability has been discovered in Microsoft Outlook Express when handling MHTML file and res URIs that could lead to an unexpected file being downloaded and executed.

The problem occurs due to the component failing to securely handle MHTML file URIs that reference a non-existent resource. The affected Outlook Express component is used by Microsoft Internet Explorer. As a result, a victim browser user may inadvertently access a page designed to load an embedded object from a malicious location. This would effectively result in the execution of attacker-supplied code within the Local Zone. The vulnerability is present even if Microsoft Outlook has been removed as the default email client.

According to Microsoft, Microsoft Internet Explorer on Windows Server 2003 is prone to attacks despite its specialized configuration.

Microsoft Windows platforms running Microsoft Outlook Express 5.5SP2, 6.0, and 6.0SP1 are reported by the vendor to be affected though the issue may also be present in earlier versions of Microsoft Outlook Express.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/23400.zip
 
Источник
www.exploit-db.com

Похожие темы