Title

Microsoft Office Outlook Remote Code Execution Vulnerability (Cat II impact)

Discussion

Microsoft has released a security bulletin addressing a vulnerability affecting Microsoft Office Outlook. To exploit this vulnerability, an attacker would entice a user to open an attachment in a malicious e-mail message using an affected version of Microsoft Office Outlook. If successfully exploited, this vulnerability would allow an attacker to run arbitrary code in the context of the logged on user. At this time, there are no known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD related incidents. Microsoft Outlook SMB Attachment Vulnerability - (CVE-2010-0266): A remote code execution vulnerability exists in the way that Microsoft Office Outlook verifies attachments in a specially crafted e-mail message. The vulnerability is due to Microsoft Office Outlook not properly verifying an attachment that is attached using the ATTACH_BY_REFERENCE value of the PR_ATTACH_METHOD property in a specially crafted e-mail message. An attacker who successfully exploited this vulnerability could compromise an affected system.

Check Content

See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS10-045 (978212). Vulnerable Applications/Systems: Microsoft Office Outlook 2002 SP3 Microsoft Office Outlook 2003 SP3 Microsoft Office Outlook 2007 SP1 and SP2 Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems\Applications not listed below. Outlook.exe MS Office Outlook 2002 10.0.6863.0 MS Office Outlook 2003 11.0.8325.0 MS Office Outlook 2007 12.0.6535.5005

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-24852

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.