Microsoft Outlook URI Remote code Execution Vulnerability

Overview

» IDS/IPS Signatures

Security Sites

iPolicy Networks Security Advisory


Date Discovered:	03/11/2008
Severity:	High
Applications Affected:	Microsoft Office 2000 SP3 Microsoft Office XP SP3 Microsoft Office 2003 SP2 Microsoft Office 2003 SP3 Microsoft Office 2007 System

Synopsis

A remote code execution exists in Outlook. The vulnerability could allow remote code execution if Outlook is passed a specially crafted mailto URI. This vulnerability requires that a user visit a specially crafted or compromised Web site with an affected system that includes Microsoft Outlook.

Recommended Actions

Update the patches as guided by vendor at :
http://www.microsoft.com/technet/security/bulletin/ms08-015.mspx

Threat Analysis

The vulnerability is caused in the way Microsoft Outlook does not perform sufficient validation of mailto URIs passed to the Outlook client from a Web browser.

An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs, view, change, delete data, or create new accounts with full user rights.

References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0110

Write-up by: Aditya Chaturvedi

Security Sites

“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”

Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner

| | | | | | | | |