Thread-topic: [SA23674] Microsoft Outlook Multiple Vulnerabilities
>
> TITLE:
> Microsoft Outlook Multiple Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA23674
>
> VERIFY ADVISORY:
>
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> DoS, System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Microsoft Outlook 2000
>
> Microsoft Outlook 2002
>
> Microsoft Outlook 2003
>
> Microsoft Office 2000
>
> Microsoft Office 2003 Professional Edition
>
> Microsoft Office 2003 Small Business Edition
>
> Microsoft Office 2003 Standard Edition
>
> Microsoft Office 2003 Student and Teacher Edition
>
> Microsoft Office XP
>
>
> DESCRIPTION:
> Some vulnerabilities have been reported in Microsoft Outlook, which
> can be exploited by malicious people to cause a DoS (Denial of
> Service) or compromise a user's system.
>
> 1) An error within the processing of VEVENT records can be exploited
> to corrupt memory via a specially crafted .ICS (iCal) meeting
> request.
>
> Successful exploitation allows execution of arbitrary code.
>
> 2) An error within the processing of e-mail header information can be
> exploited to crash the mail client via a specially crafted e-mail. In
> order to restore functionality, the malicious e-mail has to be
> removed manually from the mail server.
>
> 3) An error within the processing of Office Saved Searches (.oss)
> files can be exploited to corrupt memory by tricking a user into
> opening a specially crafted .oss file.
>
> Successful exploitation allows execution of arbitrary code.
>
> SOLUTION:
> Apply patches.
>
> Microsoft Outlook 2000:
>
> B32-C6AF-4C6C-ABF1-838ED89062EB
>
> Microsoft Outlook 2002:
>
> 1C5-3DE3-4258-9120-058FFD62B4F5
>
> Microsoft Outlook 2003:
>
> 8AE-2564-4176-AC2E-E3760058CB56
>
> PROVIDED AND/OR DISCOVERED BY:
> 1) Lurene Grenier, Sourcefire.
> 2) Reported by the vendor.
> 3) Stuart Pearson, Computer Terrorism.
>
> ORIGINAL ADVISORY:
> MS07-003 (KB925938):
>
>
