SECUNIA ADVISORY ID: SA23674
VERIFY ADVISORY: http://secunia.com/advisories/23674/
CRITICAL: Moderately critical
IMPACT: DoS, System access
DESCRIPTION: Some vulnerabilities have been reported in Microsoft Outlook, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system.
SOFTWARE:
Microsoft Outlook 2000 - http://secunia.com/product/33/
Microsoft Outlook 2002 - http://secunia.com/product/34/
Microsoft Outlook 2003 - http://secunia.com/product/3292/
Microsoft Office 2000 - http://secunia.com/product/24/
Microsoft Office 2003 Professional Edition - http://secunia.com/product/2276/
Microsoft Office 2003 Small Business Edition - http://secunia.com/product/2277/
Microsoft Office 2003 Standard Edition - http://secunia.com/product/2275/
Microsoft Office 2003 Student and Teacher Edition - http://secunia.com/product/2278/
Microsoft Office XP - http://secunia.com/product/23/
1) An error within the processing of VEVENT records can be exploited to corrupt memory via a specially crafted .ICS (iCal) meeting request. Successful exploitation allows execution of arbitrary code.
2) An error within the processing of e-mail header information can be exploited to crash the mail client via a specially crafted e-mail. In order to restore functionality, the malicious e-mail has to be removed manually from the mail server.
3) An error within the processing of Office Saved Searches (.oss) files can be exploited to corrupt memory by tricking a user into opening a specially crafted .oss file. Successful exploitation allows execution of arbitrary code.
SOLUTION: Apply patches.
Microsoft Outlook 2000: http://www.microsoft.com/downloads/details.aspx?FamilyId=97CE0B32-C6AF-4C6C-ABF1-838ED89062EB
Microsoft Outlook 2002: http://www.microsoft.com/downloads/details.aspx?FamilyId=1D1991C5-3DE3-4258-9120-058FFD62B4F5
Microsoft Outlook 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=9E4DD8AE-2564-4176-AC2E-E3760058CB56
PROVIDED AND/OR DISCOVERED BY:
1) Lurene Grenier, Sourcefire.
2) Reported by the vendor.
3) Stuart Pearson, Computer Terrorism.
ORIGINAL ADVISORY: MS07-003 (KB925938): http://www.microsoft.com/technet/security/Bulletin/MS07-003.mspx
Microsoft Outlook Multiple Vulnerabilities
Posted on Tuesday, January 09, 2007 @ 17:55:21 CST in Security