14th Feb 2002 [SBWID-5099]
COMMAND
ActiveX unicode parsing remote buffer overflow
SYSTEMS AFFECTED
Microsoft Internet Explorer 6.0 and prior
Microsoft Outlook Express 6.0 and prior
Microsoft Outlook 2000 and prior
PROBLEM
From the 3APA3A & Andrey Kolishak [http://www.security.nnov.ru] advisory:
mshtml.dll contains a buffer overflow while parsing HTML with embedded
ActiveX components. A stack overrun occurs during concatenation of two
Unicode strings. It's possible to exploit this vulnerability to
execute any code of the attacker's choice.
This overflow can only be exploited if the "Run ActiveX Controls and
Plugins" security option is enabled.
This option is disabled by default for the Restricted Sites zone (Outlook
2000, and Outlook Express 6.0 and prior with the security update installed,
open all mail in that zone), but it is enabled by default in all other
cases. This bug doesn't depend on the Windows version.
No code provided yet.
SOLUTION
Workaround
==========
Make sure the "Run ActiveX Controls and Plugins" option is disabled for
the Internet and Restricted Sites zones in the security options of Internet
Explorer. Check that the security zone for Outlook Express is set to
Restricted Sites.
Microsoft released advisory MS02-005 and cumulative patch q316059 for
Microsoft Internet Explorer
http://www.microsoft.com/windows/ie/downloads/critical/q316059/default.asp
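The workaround above is a per-zone Internet Explorer setting, so it is worth verifying from a script rather than by clicking through Internet Options on every machine. The following PowerShell audit is an added example, not code from the advisory or from Microsoft. It reads the documented per-zone action values that Internet Explorer keeps in the registry (zone 3 = Internet, zone 4 = Restricted Sites; action "1200" = Run ActiveX controls and plug-ins, where 0 = Enable, 1 = Prompt, 3 = Disable) under both HKCU and HKLM, reports any zone where the action is not Disable, and with -Fix sets it to Disable. The Outlook Express part assumes the per-identity value name "Security Zone" (4 = Restricted Sites) under Identities\<GUID>\Software\Microsoft\Outlook Express\5.0; that value name is an assumption and should be confirmed on a real OE install before relying on it.

```powershell
# Added example (not from the advisory): audit, and optionally enforce, the
# "Run ActiveX controls and plug-ins" setting that the workaround tells you
# to disable. IE stores per-zone action settings under
# ...\Internet Settings\Zones\<zone id>; zone 3 = Internet, 4 = Restricted Sites.
# Action value name "1200" = Run ActiveX controls and plug-ins
# (0 = Enable, 1 = Prompt, 3 = Disable). HKLM holds machine-wide policy, HKCU the user's.
param([switch]$Fix)

$zones    = @{ 3 = 'Internet'; 4 = 'Restricted Sites' }
$meaning  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
$problems = 0   # settings left in a non-compliant state after this run

foreach ($hive in 'HKCU', 'HKLM') {
    foreach ($zoneId in $zones.Keys) {
        $path = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$zoneId"
        if (-not (Test-Path $path)) { continue }

        $item = Get-ItemProperty -Path $path -Name '1200' -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            Write-Output "$hive $($zones[$zoneId]): 1200 not set (zone uses its built-in default)"
            continue
        }

        $value = [int]$item.'1200'
        $label = if ($meaning.ContainsKey($value)) { $meaning[$value] } else { "unknown ($value)" }
        Write-Output "$hive $($zones[$zoneId]): Run ActiveX controls and plug-ins = $label"

        if ($value -ne 3) {
            if ($Fix) {
                # DWORD 3 = Disable, matching the "Disable" radio button in Internet Options
                Set-ItemProperty -Path $path -Name '1200' -Value 3 -Type DWord
                Write-Output "  -> set to Disable"
            } else {
                $problems++
            }
        }
    }
}

# Outlook Express keeps its mail security zone per identity. The value name
# "Security Zone" (4 = Restricted Sites, 3 = Internet) is an ASSUMPTION here;
# confirm it on a real Outlook Express install before trusting this check.
foreach ($identity in Get-ChildItem 'HKCU:\Identities' -ErrorAction SilentlyContinue) {
    $oe = Join-Path $identity.PSPath 'Software\Microsoft\Outlook Express\5.0'
    if (-not (Test-Path $oe)) { continue }

    $zone = (Get-ItemProperty -Path $oe -Name 'Security Zone' -ErrorAction SilentlyContinue).'Security Zone'
    if ($null -eq $zone -or [int]$zone -ne 4) {
        $problems++
        Write-Output "Outlook Express identity $($identity.PSChildName): mail zone is not Restricted Sites (value: $zone)"
    }
}

# Non-zero exit lets a login script or inventory job flag the host.
if ($problems -gt 0) { exit 1 } else { exit 0 }
```

Run it as the user whose profile you want to audit, because zone settings live under HKCU; the HKLM pass only matters when zone policy has been pushed machine-wide. Note that zone settings are a workaround, not a fix: the MS02-005 cumulative patch referenced above is what actually removes the overflow.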