SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Client)  >   Microsoft Outlook Vendors:   Microsoft
Microsoft Office Outlook Validation Error in Processing Attachments Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1024189
SecurityTracker URL:  http://securitytracker.com/id/1024189
CVE Reference:   CVE-2010-0266   (Links to External Site)
Date:  Jul 13 2010
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2002 SP3, 2003 SP3, 2007 SP2; and prior service packs
Description:   A vulnerability was reported in Microsoft Office Outlook. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted e-mail attachment that, when opened by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

Attachments using the ATTACH_BY_REFERENCE value of the PR_ATTACH_METHOD property are affected.

Yorick Koster reported this vulnerability via the SSD/SecuriTeam Secure Disclosure program.

Impact:   A remote user can create an e-mail attachment that, when opened by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued the following fixes:

Microsoft Office XP Service Pack 3, Microsoft Office Outlook 2002 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=DAACF400-4AA3-4479-A60F-B8863BA1E16D

Microsoft Office 2003 Service Pack 3, Microsoft Office Outlook 2003 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=EF5B0048-96F1-43A6-9848-7F6ADCCD10B3

2007 Microsoft Office System Service Pack 1 and 2007 Microsoft Office System Service Pack 2, Microsoft Office Outlook 2007 Service Pack 1 and Microsoft Office Outlook 2007 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=4E2E7C49-6665-4135-ADBB-8E831A91D0FE

A restart may be required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms10-045.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms10-045.mspx (Links to External Site)
Cause:   Not specified
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC