Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 POP3:OUTLOOK:HRALIGN-OF

Severity

 Warning

Recommended

 No

Category

 POP3

Keywords

 Outlook Express HR Tag Align Parameter Buffer Overflow

Release Date

 2003/10/15

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

POP3: Outlook Express HR Tag Align Parameter Buffer Overflow


This signature detects attempts to exploit a known vulnerability against Outlook Express. Attackers can embed a script in malicious HTML-formatted e-mail to dynamically set the "align" parameter to the "HR" tag.

Extended Description

Microsoft Windows platforms are prone to a boundary condition error in the HTML converter. If the 'Align' attribute of the 'HR' tag is given an excessively large value, an internal buffer will be overrun. This issue can be exploited via applications which use the HTML converter (such as Internet Explorer) and will permit arbitrary code to be executed on a vulnerable system.

Affected Products

  • Microsoft internet_explorer 5.0
  • Microsoft internet_explorer 5.0.1
  • Microsoft internet_explorer 5.0.1 SP1
  • Microsoft internet_explorer 5.0.1 SP2
  • Microsoft internet_explorer 5.0.1 SP3
  • Microsoft internet_explorer 5.5
  • Microsoft internet_explorer 5.5 SP1
  • Microsoft internet_explorer 5.5 SP2
  • Microsoft internet_explorer 6.0
  • Microsoft internet_explorer 6.0 SP1
  • Microsoft windows_2000_advanced_server SP1
  • Microsoft windows_2000_advanced_server SP2
  • Microsoft windows_2000_advanced_server SP3
  • Microsoft windows_2000_advanced_server SP4
  • Microsoft windows_2000_advanced_server
  • Microsoft windows_2000_datacenter_server SP1
  • Microsoft windows_2000_datacenter_server SP2
  • Microsoft windows_2000_datacenter_server SP3
  • Microsoft windows_2000_datacenter_server SP4
  • Microsoft windows_2000_datacenter_server
  • Microsoft windows_2000_professional SP1
  • Microsoft windows_2000_professional SP2
  • Microsoft windows_2000_professional SP3
  • Microsoft windows_2000_professional SP4
  • Microsoft windows_2000_professional
  • Microsoft windows_2000_server SP1
  • Microsoft windows_2000_server SP2
  • Microsoft windows_2000_server SP3
  • Microsoft windows_2000_server SP4
  • Microsoft windows_2000_server
  • Microsoft windows_2000_terminal_services SP1
  • Microsoft windows_2000_terminal_services SP2
  • Microsoft windows_2000_terminal_services SP3
  • Microsoft windows_2000_terminal_services SP4
  • Microsoft windows_2000_terminal_services
  • Microsoft windows_95
  • Microsoft windows_98
  • Microsoft windows_98se
  • Microsoft windows_me
  • Microsoft windows_nt_enterprise_server 4.0
  • Microsoft windows_nt_enterprise_server 4.0 SP1
  • Microsoft windows_nt_enterprise_server 4.0 SP2
  • Microsoft windows_nt_enterprise_server 4.0 SP3
  • Microsoft windows_nt_enterprise_server 4.0 SP4
  • Microsoft windows_nt_enterprise_server 4.0 SP5
  • Microsoft windows_nt_enterprise_server 4.0 SP6
  • Microsoft windows_nt_enterprise_server 4.0 SP6a
  • Microsoft windows_nt_server 4.0
  • Microsoft windows_nt_server 4.0 SP1
  • Microsoft windows_nt_server 4.0 SP2
  • Microsoft windows_nt_server 4.0 SP3
  • Microsoft windows_nt_server 4.0 SP4
  • Microsoft windows_nt_server 4.0 SP5
  • Microsoft windows_nt_server 4.0 SP6
  • Microsoft windows_nt_server 4.0 SP6a
  • Microsoft windows_nt_terminal_server 4.0
  • Microsoft windows_nt_terminal_server 4.0 SP1
  • Microsoft windows_nt_terminal_server 4.0 SP2
  • Microsoft windows_nt_terminal_server 4.0 SP3
  • Microsoft windows_nt_terminal_server 4.0 SP4
  • Microsoft windows_nt_terminal_server 4.0 SP5
  • Microsoft windows_nt_terminal_server 4.0 SP6
  • Microsoft windows_nt_workstation 4.0
  • Microsoft windows_nt_workstation 4.0 SP1
  • Microsoft windows_nt_workstation 4.0 SP2
  • Microsoft windows_nt_workstation 4.0 SP3
  • Microsoft windows_nt_workstation 4.0 SP4
  • Microsoft windows_nt_workstation 4.0 SP5
  • Microsoft windows_nt_workstation 4.0 SP6
  • Microsoft windows_nt_workstation 4.0 SP6a
  • Microsoft windows_server_2003_datacenter_edition
  • Microsoft windows_server_2003_datacenter_edition_itanium
  • Microsoft windows_server_2003_enterprise_edition
  • Microsoft windows_server_2003_enterprise_edition_itanium
  • Microsoft windows_server_2003_standard_edition
  • Microsoft windows_server_2003_web_edition
  • Microsoft windows_xp_64-bit_edition SP1
  • Microsoft windows_xp_64-bit_edition
  • Microsoft windows_xp_gold
  • Microsoft windows_xp_home SP1
  • Microsoft windows_xp_home
  • Microsoft windows_xp_media_center_edition
  • Microsoft windows_xp_professional SP1
  • Microsoft windows_xp_professional

References

  • BugTraq: 8016
  • CVE: CVE-2003-0469

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out