SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Client)  >   Microsoft Internet Explorer Vendors:   Microsoft
Microsoft Internet Explorer May Automatically Execute Certain E-mail Attachments
SecurityTracker Alert ID:  1001197
SecurityTracker URL:  http://securitytracker.com/id/1001197
CVE Reference:   CVE-2001-0154   (Links to External Site)
Updated:  Jan 22 2008
Original Entry Date:  Mar 30 2001
Impact:   Execution of arbitrary code via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.01 (except with Service Pack 2), 5.5
Description:   Microsoft issued a security bulletin (MS01-020) announcing that, when rendering HTML-based e-mail messages that have incorrect MIME headers, Microsoft Internet Explorer may execute arbitrary code contained in an attachment to the email.

There is a flaw in Internet Explorer's processing of certain "unusual" MIME types. This vulnerability enables an attacker to create an HTML-based email containing a header with one of the certain unusual MIME types and containing an executable attachment such that the Internet Explorer browser will automatically execute the attachment when processing the message.

The vendor notes that the vulnerability cannot be exploited if the "File Downloads" setting has been expressly disabled in the Security Zone in which the e-mail is rendered.

Impact:   A remote attacker could send a specially crafted HTML-based e-mail message containing a malicious executable that will be automatically executed by Internet Explorer when a recipient opens the e-mail for reading (if the user's default browser is Internet Explorer).
Solution:   The vendor has released a patch.
Vendor URL:  www.microsoft.com/technet/security/bulletin/MS01-020.asp (Links to External Site)
Cause:   State error
Underlying OS:  Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Re: Microsoft Internet Explorer May Automatically Execute Certain E-mail Attachments
The specific type of MIME header is identified and some demonstration exploit code is posted.
(CIAC Issues Bulletin) Re: Microsoft Internet Explorer May Automatically Execute Certain E-mail Attachments
CIAC issued Bulletin Number L-066.
(CERT Issues Advisory) Re: Microsoft Internet Explorer May Automatically Execute Certain E-mail Attachments
CERT has issued advisory CA-2001-06 for this vulnerability.



 Source Message Contents

Subject:  Microsoft Security Bulletin MS01-020


The following is a Security  Bulletin from the Microsoft Product Security
Notification Service.

Please do not  reply to this message,  as it was sent  from an unattended
mailbox.
                    ********************************

-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------
Title:      Incorrect MIME Header Can Cause IE to Execute E-mail 
            Attachment
Date:       29 March 2001
Software:   Microsoft Internet Explorer
Impact:     Run code of attacker's choice.
Bulletin:   MS01-020

Microsoft encourages customers to review the Security Bulletin 
at: http://www.microsoft.com/technet/security/bulletin/MS01-020.asp.
- ----------------------------------------------------------------------

Issue:
======
Because HTML e-mails are simply web pages, IE can render them and
open 
binary attachments in a way that is appropriate to their MIME types. 
However, a flaw exists in the type of processing that is specified
for 
certain unusual MIME types. If an attacker created an HTML e-mail 
containing an executable attachment, then modified the MIME header 
information to specify that the attachment was one of the unusual
MIME 
types that IE handles incorrectly, IE would launch the attachment 
automatically when it rendered the e-mail. 

An attacker could use this vulnerability in either of two scenarios. 
She could host an affected HTML e-mail on a web site and try to 
persuade another user to visit it, at which point script on a web
page 
could open the mail and initiate the executable. Alternatively, she 
could send the HTML mail directly to the user. In either case, the 
executable attachment, if it ran, would be limited only by user's 
permissions on the system. 

Mitigating Factors:
====================
The vulnerability could not be exploited if File Downloads have been 
disabled in the Security Zone in which the e-mail is rendered. This
is 
not a default setting in any zone, however. 

Patch Availability:
===================
 - A patch is available to fix this vulnerability. Please read the 
   Security Bulletin
   http://www.microsoft.com/technet/security/bulletin/ms01-020.asp
   for information on obtaining this patch.

Acknowledgment:
===============
 - Juan Carlos Cuartango (http://www.kriptopolis.com) 

- ---------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED 
"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL 
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF 
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT 
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES 
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
LOSS 
OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. 
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY 
NOT APPLY.



-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQEVAwUBOsP2xI0ZSRQxA/UrAQE2Qwf/QCMKq96UCHrLAVZrZG77oLp8Z9uZ+fMg
tU6Q2n4iR0SVxckd3uwfuMN7xypztrxwdVk15QhBihuK63J+P/r4XA0Q6tYi6mlF
h6vDBZrJyCoJ485HkIZDoiEKd++Uw+D9nCbp0aUjX7c3vbAeBINSRkhXIIJ9JlkL
23UAZBgab2LlL60hX+X47TNl5x6Jc8OQOBNnIWEF3YH3WeVEsALzGI5ewvJbfMvd
3IKedgxf83B0ds0nAMcHOwsZFa+cDAta6AlWxXnwXK6g5ndKqi209Lf3/1vN9fdL
h77OTFU+RGUrnLcIhrZV06u+I6U/SE7CF9k3heuyo834QezsLCvq4w==
=+KNh
-----END PGP SIGNATURE-----

   *******************************************************************
You have received  this e-mail bulletin as a result  of your registration
to  the   Microsoft  Product  Security  Notification   Service.  You  may
unsubscribe from this e-mail notification  service at any time by sending
an  e-mail  to  MICROSOFT_SECURITY-SIGNOFF-REQUEST@ANNOUNCE.MICROSOFT.COM
The subject line and message body are not used in processing the request,
and can be anything you like.

To verify the digital signature on this bulletin, please download our PGP
key at http://www.microsoft.com/technet/security/notify.asp.

For  more  information on  the  Microsoft  Security Notification  Service
please  visit  http://www.microsoft.com/technet/security/notify.asp.  For
security-related information  about Microsoft products, please  visit the
Microsoft Security Advisor web site at http://www.microsoft.com/security.

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC