VulDB: Microsoft Outlook SMB Attachment Handler PR_ATTACH_METHOD buffer overflow
General

scipID: 4146
Affected: Microsoft Outlook
Published: 07/13/2010 (Yorick Koster)
Risk: critical
Entry: 100% complete
Created: 07/19/2010
Updated: 09/03/2012
Summary
A vulnerability classified as critical has been found in Microsoft Outlook. It affects the function PR_ATTACH_METHOD of the component SMB Attachment Handler. Manipulation with an unknown input leads to a buffer overflow. This has an impact on confidentiality, integrity, and availability.
The weakness was released on 07/13/2010 by Yorick Koster with Akita Software Security as MS10-045. The advisory is available for download at microsoft.com. The vulnerability has been tracked as CVE-2010-0266 since 01/07/2010. The attack can be launched remotely. Exploitation does not require any form of authentication. Technical details and an exploit are known.
An exploit was disclosed after 2 days. The vulnerability scanner Nessus provides a plugin with the ID 47713 (MS10-045: Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212)), which helps to determine whether the flaw exists in a target environment. It is assigned to the family Windows : Microsoft Bulletins, runs in the context local, and relies on port 139.
Applying the patch MS10-045 eliminates this problem. The bugfix is available for download at microsoft.com. A possible mitigation was published before, and not only after, the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (66296), Secunia (SA40566) and SecurityFocus (BID 41446).
CVSS
Base Score: 9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
Exploiting
Class: Buffer overflow
Local: No
Remote: Yes
Availability: Yes
Nessus ID: 47713
Nessus Name: MS10-045: Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212)
Nessus Family: Windows : Microsoft Bulletins
Nessus Context: local
Nessus Port: 139
Countermeasures
Recommended: Patch
0-Day Time: 0 days since found
Exploit Delay Time: 1 day since known
Patch: MS10-045
Timeline
01/07/2010 | CVE assigned
07/13/2010 | Countermeasure disclosed
07/13/2010 | Nessus plugin released
07/13/2010 | Advisory disclosed
07/13/2010 | OSVDB entry created
07/15/2010 | Exploit disclosed
07/19/2010 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: MS10-045
Researcher: Yorick Koster
Company: Akita Software Security
OSVDB: 66296
CVE: CVE-2010-0266 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 40566
SecurityFocus: 41446