Users of Microsoft Outlook, please be advised that a Content Parsing Integer Underflow vulnerability has been identified.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
Outlook-SA-09/04/2010: Microsoft Outlook Content Parsing Integer Underflow Vulnerability
Affected Software
* Microsoft Outlook 2002 SP3
* Microsoft Outlook 2003 SP3
* Microsoft Outlook 2007 SP2
NOTE: Other versions may also be affected.
Description of Vulnerability
Secunia Research has discovered a vulnerability in Microsoft Outlook,
which can be exploited by malicious people to compromise a user's
system.
The vulnerability is caused by an integer underflow error when parsing
certain content and can be exploited to cause a heap-based buffer
overflow via e.g. a specially crafted e-mail message.
Successful exploitation may allow execution of arbitrary code, but
requires that Outlook is connected to an Exchange server with Online
Mode (not default setting for Outlook 2003 and 2007).
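
The bug class the advisory names, shown as an added example that is not from the advisory and is not Outlook's code: a length taken from the message has a header size subtracted from it, and a value smaller than the header wraps to a huge unsigned number that would then drive a heap copy. The record layout, HDR_LEN and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN 8u /* hypothetical header: 4-byte LE total length + 4-byte type */

/* Unchecked arithmetic: total_len comes from the message, so a value below
   HDR_LEN wraps to almost 4 GiB. Used as a copy size, that is the overflow. */
uint32_t unchecked_body_len(uint32_t total_len) {
    return total_len - HDR_LEN;
}

/* Hardened: reject before subtracting, and never trust more than was received. */
int checked_body_len(uint32_t total_len, size_t avail, uint32_t *out) {
    if (total_len < HDR_LEN) return -1; /* subtraction would underflow */
    if (total_len > avail) return -1;   /* claims more bytes than present */
    *out = total_len - HDR_LEN;
    return 0;
}

/* Copies the body of one record into a fresh heap buffer, or returns NULL. */
unsigned char *extract_body(const unsigned char *rec, size_t avail, uint32_t *body_len) {
    uint32_t total;
    unsigned char *buf;
    if (avail < HDR_LEN) return NULL;
    total = (uint32_t)rec[0] | (uint32_t)rec[1] << 8 |
            (uint32_t)rec[2] << 16 | (uint32_t)rec[3] << 24;
    if (checked_body_len(total, avail, body_len) != 0) return NULL;
    buf = malloc(*body_len ? *body_len : 1);
    if (buf != NULL) memcpy(buf, rec + HDR_LEN, *body_len);
    return buf;
}

int main(void) {
    /* Constructed records: one well-formed, one declaring total length 3. */
    const unsigned char ok[] = {12, 0, 0, 0, 1, 0, 0, 0, 'a', 'b', 'c', 'd'};
    const unsigned char bad[] = {3, 0, 0, 0, 1, 0, 0, 0};
    uint32_t n = 0;
    unsigned char *b = extract_body(ok, sizeof ok, &n);
    printf("ok record: body of %u bytes\n", (unsigned)n);
    free(b);
    printf("unchecked length for total=3: %u\n", (unsigned)unchecked_body_len(3));
    printf("bad record rejected: %s\n", extract_body(bad, sizeof bad, &n) ? "no" : "yes");
    return 0;
}
```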