CVE-2013-3870

Name of the Vulnerable Software and Affected Versions Microsoft Outlook versions 2007 SP3, 2010 SP1, 2010 SP2

Description A remote code execution issue exists due to the way Microsoft Outlook handles specially crafted S/MIME email messages. This allows attackers to execute arbitrary code by including many nested S/MIME certificates in an email message. An attacker who successfully exploits this issue could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Outlook 2007 SP3, update to a version that is not affected by this issue. For Microsoft Outlook 2010 SP1, update to a version that is not affected by this issue. For Microsoft Outlook 2010 SP2, update to a version that is not affected by this issue.