CVE-2002-0285
CVSS7.5
发布时间 :2002-05-31 00:00:00
修订时间 :2016-10-17 22:18:21
NMCOS    

[原文]Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers.


[CNNVD]Outlook Express的附件回车/换行密封过滤绕过漏洞(CNNVD-200205-144)

        Windows中Outlook Express 5.5和6.0版本处理消息头中的回车("CR"),将它视为一个有效地回车/换行连结(CR/LF),远程攻击者借助只含有CR的带有头的邮件消息绕过病毒保护或者其他过滤机制。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:microsoft:outlook_express:5.5Microsoft outlook_express 5.5
cpe:/a:microsoft:outlook_express:6.0Microsoft outlook_express 6.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0285
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0285
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200205-144
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=101362077701164&w=2
(UNKNOWN)  BUGTRAQ  20020212 Outlook will see non-existing attachments
http://www.iss.net/security_center/static/8198.php
(UNKNOWN)  XF  outlook-express-return-bypass(8198)
http://www.securityfocus.com/bid/4092
(UNKNOWN)  BID  4092

- 漏洞信息

Outlook Express的附件回车/换行密封过滤绕过漏洞
高危 设计错误
2002-05-31 00:00:00 2005-10-20 00:00:00
远程  
        Windows中Outlook Express 5.5和6.0版本处理消息头中的回车("CR"),将它视为一个有效地回车/换行连结(CR/LF),远程攻击者借助只含有CR的带有头的邮件消息绕过病毒保护或者其他过滤机制。

- 公告与补丁

        Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .

- 漏洞信息

11419
Microsoft Outlook Express Header Carriage Return Filter Bypass

- 漏洞描述

Unknown or Incomplete

- 时间线

2002-02-12 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Outlook Express Attachment Carriage Return/Linefeed Encapsulation Filtering Bypass Vulnerability
Design Error 4092
Yes No
2002-02-13 12:00:00 2009-07-11 10:56:00
This vulnerability was discovered by Valentijn Sessink <valentyn+bugtraq@nospam.openoffice.nl>.

- 受影响的程序版本

Microsoft Outlook Express 5.5
+ Microsoft Internet Explorer 5.0.1 for Windows NT 4.0
+ Microsoft Internet Explorer 5.0.1 for Windows NT 4.0
+ Microsoft Internet Explorer 5.0.1 for Windows 98
+ Microsoft Internet Explorer 5.0.1 for Windows 98
+ Microsoft Internet Explorer 5.0.1 for Windows 95
+ Microsoft Internet Explorer 5.0.1 for Windows 95
+ Microsoft Internet Explorer 5.0.1 for Windows 2000
+ Microsoft Internet Explorer 5.0.1 for Windows 2000
+ Microsoft Internet Explorer 5.0.1
+ Microsoft Internet Explorer 5.0.1
+ Microsoft Internet Explorer 5.5
+ Microsoft Internet Explorer 5.5
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0

- 漏洞讨论

Outlook Express is a freely available Mail User Agent (MUA) for Microsoft Windows Operating Systems. It is distributed and maintained by Microsoft.

It is possible to send attachments to Outlook Express users using non-standard attachment techniques. This can be accomplished by encapsulating the data in Carriage Return (&lt;CR&gt;) specifiers in the Subject line of an email. Upon receiving an email with a subject line containing carriage returns, Outlook Express will interpret the data section of the mail beginning in the subject line. This problem is compounded by the fact that mail filtering utilities do not search the subject line for this type of data, and can allow a malicious file to pass to an Outlook Express user.

- 漏洞利用

No exploit is required for this vulnerability.

- 解决方案

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站