Microsoft Outlook SMB Attachment ATTACH_BY_REFERENCE vulnerability

Added: 07/16/2010
CVE: CVE-2010-0266
BID: 41446
OSVDB: 66296

Background

Microsoft Outlook is an e-mail client which also provides calendar, scheduling, contact management, and information sharing capabilities.

Problem

A vulnerability in Microsoft Outlook allows command execution when a user opens an e-mail message containing a specially crafted attachment with the PR_ATTACH_METHOD property set to ATTACH_BY_REFERENCE.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 10-045.

References

http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0211.html

Limitations

Exploit works on Microsoft Office Outlook 2007 SP2.

After launching the exploit, download the exploit file onto the specified SMB share. The specified SMB share must be accessible by the target user.

Platforms

Windows

Back to exploit index