Microsoft Office Heap Based Buffer Overflow in Outlook Vulnerability ( 15 September 2010 )

Last Update Date: 28 Jan 2011 Release Date: 15 Sep 2010 5268 Views

RISK: Medium Risk

Medium Risk

A remote code execution vulnerability exists in the way that Microsoft Outlook parses content in a specially crafted e-mail message. This vulnerability exists only in configurations where Outlook connects to an Exchange Server in Online Mode. Configurations where Outlook connects to an Exchange Server in the Cached Exchange Mode are not affected. In addition, configurations where Outlook uses POP or IMAP mail servers only are not affected by this vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Office XP Service Pack 3
    - Microsoft Outlook 2002 Service Pack 3
  • Microsoft Office 2003 Service Pack 3
    - Microsoft Outlook 2003 Service Pack 3
  • Microsoft Office 2007 Service Pack 2
    - Microsoft Outlook 2007 Service Pack 2

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft Windows Print Spooler Service Impersonation Vulnerability ( 15 September 2010 )

15 Sep 2010 5215 Views

Next

Microsoft Windows LSASS Heap Overflow Vulnerability ( 15 September 2010 )

15 Sep 2010 5245 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY