1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP MS Outlook ActiveX IE DoS

HTTP MS Outlook ActiveX IE DoS

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detect attempts to trigger a denial of service vulnerability by instantiating Microsoft Outlook ActiveX Control in Internet Explorer.

Additional Information

The Microsoft Office Outlook Recipient Control is prone to a denial-of-service vulnerability.

Once the affected ActiveX control with a CLSID of {0006F023-0000-0000-C000-000000000046} is instantiated in a web page, Internet Explorer will not be able to successfully close. When this object is instantiated, Internet Explorer launches Outlook to service the method.

Internet Explorer and Microsoft Outlook will both enter into an unresponsive state, denying further service to legitimate users. This is likely due to a flawed interaction between Microsoft Outlook and Internet Explorer.

An attacker can exploit this issue to trigger denial-of-service conditions in Internet Explorer or other applications that use the ActiveX control.

Specific information regarding affected packages is currently unavailable. This BID will be updated as more information becomes available.

Affected

  • Microsoft Internet Explorer for Unix SP2
  • Microsoft Office 2002
  • Microsoft Office 2000 SP1, SP2, SP3
  • Microsoft Office 2000 Chinese Version
  • Microsoft Office 2000 Japanese Version
  • Microsoft Office 2000 Korean Version
  • Microsoft Office 2003 SP1, SP2
  • Microsoft Office 97
  • Microsoft Office 97 Chinese Version
  • Microsoft Office 97 Japanese Version
  • Microsoft Office 97 Korean Version
  • Microsoft Office 98 For Mac
  • Microsoft Office XP SP1, SP2, SP3
  • Microsoft Outlook 2000 SP2, SP3, SR1
  • Microsoft Outlook 2002 SP1, SP2, SP3
  • Microsoft Outlook 2003
  • Microsoft Outlook 97
  • Microsoft Outlook 98
  • Microsoft Outlook XP
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube