PT-2010-2063 · Microsoft · Outlook

Yorick Koster

Published

2010-07-14

Updated

2018-10-12

CVE-2010-0266

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Office Outlook versions 2002 SP3, 2003 SP3, and 2007 SP1 and SP2

Description A remote code execution issue exists in the way Microsoft Office Outlook verifies attachments in specially crafted e-mail messages. This allows attackers to potentially execute arbitrary code via crafted messages. If successfully exploited, an attacker could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Office Outlook 2002 SP3, update to a version that properly verifies e-mail attachments. For Microsoft Office Outlook 2003 SP3, update to a version that properly verifies e-mail attachments. For Microsoft Office Outlook 2007 SP1 and SP2, update to a version that properly verifies e-mail attachments.

Exploit

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2010-0266

Affected Products

Outlook

PT-2010-2063 · Microsoft · Outlook

CVE-2010-0266

Weakness Enumeration

Related Identifiers

Affected Products

References · 10