Security Microsoft Outlook Multiple Vulnerabilities

PHP Web Host - Quality Web Hosting For All PHP Applications

• Home • Downloads • Your Account • Forums •

Site Navigation

Home:

Donate o Meter

Help Keep Our Servers Online AND Our Services Free!

Donat-o-Meter Stats
November´s Goal:	$300.00
Due Date:	Nov 30
Net Balance:	$47.65
Left to go:	$252.35

Donations
Micah Nov-14
Rose38478 Nov-11
Doulos Nov-4

Please Link To Me!

Services Available

Quality PHP Web Host!

Great Reviews!

Need help setting up your website, installing Apache, PHP, MySQL, or PhpNuke?

Need help customizing or designing scripts?

Please contact me via the Contact Us option for further details and pricing.

Link to Me

There are more Link To Me icons here.

Site Info v2.2.2 ©

Verse of the Day

Microsoft Outlook Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA23674

VERIFY ADVISORY: http://secunia.com/advisories/23674/

CRITICAL: Moderately critical

IMPACT: DoS, System access

DESCRIPTION: Some vulnerabilities have been reported in Microsoft Outlook, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system.

SOFTWARE:
Microsoft Outlook 2000 - http://secunia.com/product/33/
Microsoft Outlook 2002 - http://secunia.com/product/34/
Microsoft Outlook 2003 - http://secunia.com/product/3292/
Microsoft Office 2000 - http://secunia.com/product/24/
Microsoft Office 2003 Professional Edition - http://secunia.com/product/2276/
Microsoft Office 2003 Small Business Edition - http://secunia.com/product/2277/
Microsoft Office 2003 Standard Edition - http://secunia.com/product/2275/
Microsoft Office 2003 Student and Teacher Edition - http://secunia.com/product/2278/
Microsoft Office XP - http://secunia.com/product/23/

1) An error within the processing of VEVENT records can be exploited to corrupt memory via a specially crafted .ICS (iCal) meeting request. Successful exploitation allows execution of arbitrary code.

2) An error within the processing of e-mail header information can be exploited to crash the mail client via a specially crafted e-mail. In order to restore functionality, the malicious e-mail has to be removed manually from the mail server.

3) An error within the processing of Office Saved Searches (.oss) files can be exploited to corrupt memory by tricking a user into opening a specially crafted .oss file. Successful exploitation allows execution of arbitrary code.

SOLUTION: Apply patches.
Microsoft Outlook 2000: http://www.microsoft.com/downloads/details.aspx?FamilyId=97CE0B32-C6AF-4C6C-ABF1-838ED89062EB
Microsoft Outlook 2002: http://www.microsoft.com/downloads/details.aspx?FamilyId=1D1991C5-3DE3-4258-9120-058FFD62B4F5
Microsoft Outlook 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=9E4DD8AE-2564-4176-AC2E-E3760058CB56

PROVIDED AND/OR DISCOVERED BY:
1) Lurene Grenier, Sourcefire.
2) Reported by the vendor.
3) Stuart Pearson, Computer Terrorism.

ORIGINAL ADVISORY: MS07-003 (KB925938): http://www.microsoft.com/technet/security/Bulletin/MS07-003.mspx

Posted on Tuesday, January 09, 2007 @ 18:55:21 EST by Raven

Related Links

· More about Security
· News by Raven

Most read story about Security:
PHP-Nuke *eid* SQL Injection Vulnerability

Article Rating

Average Score: 0
Votes: 0

Options

Printer Friendly Page

Send to a Friend

All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2008 by Raven
Proud to be listed at Lobo Links Web Directory

You can syndicate our news using the file

Website engines core code is © copyright by PHP-Nuke but has been heavily patched and modified by myself and others.
PHP-Nuke is a free software released under the GNU/GPL.

:: fisubice phpbb2 style by Daz :: PHP-Nuke theme by www.nukemods.com ::
:: fisubice Theme Recoded To 100% W3C CSS & HTML 4.01 Transitional Compliance by Raven and 64bitguy ::
::