mshtml.dll contains buffer overflow while parsing HTML with embedded ActiveX components. Stack overrun occurs during concatenation of two Unicode strings. It's possible to exploit this vulnerability to execute any code of attacker's choice.

This overflow can only be exploited if "Run ActiveX Controls and Plugins" security option is enabled. *This option is disabled by default for Restricted Sites Zone Outlook 2000, Outlook Express 6.0 and prior with security update installed open all mail, but enabled by default in all different cases. This bug doesn't depend on Windows version.

Workaround:

Make sue "Run ActiveX Controls and Plugins" option is disabled for Internet and Restricted Sites zones in security options of Internet Explorer. Check security zone for Outlook Express is set to Restricted Sites.

Vendor and Solution:

Microsoft was notified on December, 20 2001. On February, 11 2002
Microsoft released advisory MS02-005 and cumulative patch q316059 for Microsoft Internet Explorer
http://www.microsoft.com/windows/ie/...59/default.asp
Software affected: Microsoft Internet Explorer 6.0 and prior Microsoft Outlook Express 6.0 and prior* Microsoft Outlook 2000 and prior*

Remote: Yes
Exploitable: Yes