Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 POP3:OUTLOOK-OBJECT-TAG

Severity

 Minor

Recommended

 No

Category

 POP3

Keywords

 Microsoft Outlook/Word Object Tag Security Setting Compromise

Release Date

 2012/12/17

Update Number

 2211

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Microsoft Outlook/Word Object Tag Security Setting Compromise


This signature detects emails sent via POP3 that contain HTTP OBJECT tags in the HTML portion. Microsoft Outlook and Microsoft Word contain known vulnerabilities that handle security zones incorrectly, enabling attackers to download arbitrary data onto a target computer. The email messages detected by this signature could be malicious.

Extended Description

Microsoft Outlook when configured to employ Microsoft Word as an email editor, is reported prone to a security setting compromise vulnerability. It is reported that under certain circumstances, when an HTML email is received and said email message contains an OBJECT tag that is not closed, the URI that the OBJECT tag points to will be rendered in the Microsoft Outlook window when the email message is forwarded.

Affected Products

  • Microsoft outlook_2000 SP2
  • Microsoft outlook_2000 SP3
  • Microsoft outlook_2000 SR1
  • Microsoft outlook_2000
  • Microsoft outlook_2003
  • Microsoft word_2000 SP2
  • Microsoft word_2000 SP3
  • Microsoft word_2000 SR1
  • Microsoft word_2000 Sr1a
  • Microsoft word_2000
  • Microsoft word_2003

References

  • BugTraq: 10683
  • CVE: CVE-2004-2482

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out