PT-2010-4248 · Microsoft · Exchange Server+1

Dyon Balding · Published 2010-09-15 · Updated 2018-10-12 · CVE-2010-2728

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Microsoft Outlook versions 2002 SP3, 2003 SP3, and 2007 SP2

Description: A remote code execution issue exists in Microsoft Outlook when it parses content in a specially crafted e-mail message, specifically in configurations where Outlook connects to an Exchange Server in Online Mode. This allows remote attackers to execute arbitrary code. An attacker who successfully exploits this issue could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. Configurations using Cached Exchange Mode, or those using POP or IMAP mail servers only, are not affected.

Recommendations: For Microsoft Outlook 2002 SP3, consider disabling Online Mode for Exchange Server connections until a patch is available. For Microsoft Outlook 2003 SP3, restrict access to specially crafted e-mail messages to minimize the risk of exploitation. For Microsoft Outlook 2007 SP2, avoid using Online Mode for Exchange Server connections in sensitive environments until the issue is resolved.

Fix

RCE

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2010-2728

Affected Products

Exchange Server
Outlook