<0_29947_08CDB7E2-5BA3-4D94-877A-B5B987E21B02_US@Newsle
tters.Microsoft
.com>
To: <[EMAIL PROTECTED]>
Subject: Microsoft Security Bulletin MS02-021
Date: Thu, 25 Apr 2002 18:03:30 -0700
-----BEGIN PGP SIGNED MESSAGE-----
- -----------------------------------------------------
-----------------
Title: E-mail Editor Flaw Could Lead to Script
Execution on
Reply or Forward (Q321804)
Date: 25 April 2002
Software: Microsoft Outlook
Impact: Run Code of Attacker's Choice
Max Risk: Moderate
Bulletin: MS02-021
Microsoft encourages customers to review the Security
Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02
-021.asp.
- -----------------------------------------------------
-----------------
Issue:
======
Outlook 2000 and 2002 provide the option to use
Microsoft Word as
the e-mail editor when creating and editing e-mail in
either
Rich-Text or HTML format. A security vulnerability
exists when
Outlook is configured this way and the user forwards or
replies
to a mail from an attacker.
The vulnerability results from a difference in the
security
settings that are applied when displaying a mail versus
editing
one. When Outlook displays an HTML e-mail, it applies
Internet
Explorer security zone settings that disallow scripts
from being
run. However, if the user replies to or forwards a mail
message
and has selected Word as the e-mail editor, Outlook
opens the mail
and puts the Word editor into a mode for creating
e-mail
messages. Scripts are not blocked in this mode.
An attacker could exploit this vulnerability by sending
a
specially malformed HTML e-mail containing a script to
an Outlook
user who has Word enabled as the e-mail editor. If the
user
replied to or forwarded the e-mail, the script would
then run,
and be capable of taking any action the user could
take.
Mitigating Factors:
====================
- The vulnerability only affects Outlook users who use
Word as
their e-mail editor.
- Users who have enabled the feature introduced in
Office XP SP1
to read HTML mail as plain text are not vulnerable.
- For an attacker to successfully exploit this
vulnerability,
the user would need to reply to or forward the
malicious e-mail.
Simply reading it would not enable the scripts to
run, and the
user could delete the mail without risk.
Risk Rating:
============
- Internet systems: Low
- Intranet systems: Low
- Client systems: Moderate
Patch Availability:
===================
- A patch is available to fix this vulnerability.
Please read the
Security Bulletin at
http://www.microsoft.com/technet/security/bulletin/ms02
-021.asp
for information on obtaining this patch.
- -----------------------------------------------------
----------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE
BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.
MICROSOFT DISCLAIMS
ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE.
IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE
FOR ANY
DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL,
LOSS OF
BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT
CORPORATION OR
ITS
SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. SOME
STATES DO
NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL
OR
INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT
APPLY.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQEVAwUBPMiceI0ZSRQxA/UrAQEAPggAhzRC6GplwMQgZzLvwjqeFbD
7EVWceP4c
i2RhrpUsOsh/eKOqDXMhXklVToBbBp7mg3xFvoXdYURU6cC2XKEvIA5
teFac+80b
UvtlqGc4xLLcX++Ha7NjTqZYMkvYcjhwTpTanmkJ2pARix+AzLnURFi
cAftFl34k
VxkZ987igMpoUM2zexEpC9dGsPAMRhXPJnn0bvk8ETQE5r+XOo5DhI3
lTo3hVogC
3XzP2RCmkgdanOSfQdhddBxRhJ9Vz7FxrYG4CTtl96VxIAfvfEbJzuA
SVpqbMt3g
1N6wI/K4UN1qTDLoqBZplZa0x+q8FzIjd9n2IxaDUtu2dkxhVIfBGQ=
=
=TxYz
-----END PGP SIGNATURE-----
*******************************************************
************
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/rules.htm
Contact list owner <[EMAIL PROTECTED]>
Unsubscribing and other changes: http://pcworkers.com
=====================================================