发布时间 :2006-04-26 16:06:00
修订时间 :2011-03-07 21:35:05

[原文]Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.

[CNNVD]Microsoft Outlook 2003 SP1 参数注入漏洞(CNNVD-200604-501)

        微软Outlook 2003 SP1中存在参数注入漏洞。这使得用户辅助远程攻击者可以借助于电子邮件协议:模式处理器中的双引号字符修改传递到被调用的邮件客户端的命令行参数,如以任意文件名作为附件启动微软Outlook。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  XF  office-mailto-obtain-information(26118)
(UNKNOWN)  VUPEN  ADV-2006-1538

- 漏洞信息

Microsoft Outlook 2003 SP1 参数注入漏洞
中危 未知
2006-04-26 00:00:00 2007-08-13 00:00:00
        微软Outlook 2003 SP1中存在参数注入漏洞。这使得用户辅助远程攻击者可以借助于电子邮件协议:模式处理器中的双引号字符修改传递到被调用的邮件客户端的命令行参数,如以任意文件名作为附件启动微软Outlook。

- 公告与补丁


- 漏洞信息

Microsoft Office mailto: Arbitrary File Access
Remote / Network Access Input Manipulation
Loss of Confidentiality Solution Unknown
Exploit Public

- 漏洞描述

Microsoft Office contains a flaw that may allow a remote attacker to access arbitrary files. The issue is due to Microsoft Outlook not properly sanitizing the value of the 'mailto' URI handler. This may allow an attacker to automatically attach an arbitrary file to an e-mail by tricking a user into following a specially crafted link with the "mailto:" URI handler from a malicious web site.

- 时间线

2006-04-24 Unknow
2006-04-24 Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者