Secunia

Customer Area icon help

Need help?

Try CSI

Download PSI icon Scan now

Scan Now

Community

Advisories

Database Search Advisories by Product Advisories by Vendor Terminology Report vulnerability

Research Forum My Profile Our Commitment

Community Login

Register now
Forgot password?

Secunia Advisory SA40566

Microsoft Office Outlook Linked Attachment Verification Vulnerability

Secunia Advisory

SA40566

DOWNLOAD CSI

DOWNLOAD PSI

Release Date

2010-07-13

Popularity

762 views

Comments

0 comments

Criticality level

Highly critical

Impact

Spoofing
System access

Where

From remote

Authentication level

Available in Customer Area

Report reliability

Available in Customer Area

Solution Status

Vendor Patch

Systems affected

Available in Customer Area

Approve distribution

Available in Customer Area

Remediation status

Secunia CSI, Secunia PSI

Automated scanning

Secunia CSI, Secunia PSI

Software:

Microsoft Office 2003 Professional Edition

Microsoft Office 2003 Small Business Edition

Microsoft Office 2003 Standard Edition

Microsoft Office 2003 Student and Teacher Edition

Microsoft Office 2007

Microsoft Office XP

Microsoft Outlook 2002

Microsoft Outlook 2003

Microsoft Outlook 2007

Secunia CVSS Score

Available in Customer Area

CVE Reference(s)

CVE-2010-0266 CVSS available in Customer Area

Description
A vulnerability has been reported in Microsoft Office Outlook, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error when verifying attachments that are attached using the ATTACH_BY_REFERENCE value of the PR_ATTACH_METHOD property in a specially crafted e-mail message. This can be exploited to spoof a malicious attachment to appear to not pose a security threat.

Successful exploitation allows execution of arbitrary code if a user is tricked into opening the attachment.

Solution
Apply patches.
Further details available in Customer Area

Provided and/or discovered by
The vendor credits Yorick Koster via SSD (SecuriTeam Secure Disclosure program).

Original Advisory
MS10-045 (KB978212, KB980371, KB980373, KB980376):
http://www.microsoft.com/technet/security/bulletin/ms10-045.mspx

Other references
Further details available in Customer Area

Alternate/detailed remediation
Further details available in Customer Area

Deep Links
Links available in Customer Area

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Microsoft Office Outlook Linked Attachment Verification Vulnerability

No posts yet

You must be logged in to post a comment.

Reverse Engineer

Latest advisories

New advisories: 20
New vulnerabilities: 86
Updated advisories: 23

19 views
F5 FirePass Pre-logon Sequence Security Bypass Vulnerability

10 views
Sun Solaris Multiple Vulnerabilities

28 views
Sun GlassFish Enterprise Server and Java System Application Server Unspecified Vulnerability

49 views
Sun Access Manager / OpenSSO Multiple Vulnerabilities

56 views
Oracle Solaris Studio Unspecified Local Data Access Vulnerability

59 views
Sun Java System Web Proxy Server Unspecified Vulnerability

59 views
Oracle WebLogic Server Two Vulnerabilities

44 views
Sun Java Communications Suite Convergence Component Information Disclosure

68 views
Oracle JRockit Multiple Vulnerabilities

See all