Multiple Microsoft Outlook security vulnerabilities - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Multiple Microsoft Outlook security vulnerabilities
updated since 09.01.2007
Published: 11.01.2007
Source: MICROSOFT
SecurityVulns ID: 7030
Type: client
Level: 6/10
Description: DoS. Buffer overflow on .iCal and .oss files parsing.

Affected: MICROSOFT : Office 2000
MICROSOFT : Office XP
MICROSOFT : Office 2003
CVE: CVE-2007-0034 (Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability.")
CVE-2007-0033 (Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.)
CVE-2006-1305 (Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.)

Original document Computer Terrorism (UK) :: Incident Response Centre, [Full-disclosure] Computer Terrorism (UK) :: Incident Response Centre - Microsoft Outlook Vulnerability (11.01.2007)

MICROSOFT, Microsoft Security Bulletin MS07-003 Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938) (09.01.2007)

Files: Microsoft Security Bulletin MS07-003 Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938)
Discuss: Read or add your comments to this news (0 comments)

test server