Computer Security
[EN] securityvulns.ru no-pyccku


Multiple Microsoft Outlook security vulnerabilities
updated since 09.01.2007
Published:11.01.2007
Source:
SecurityVulns ID:7030
Type:client
Threat Level:
6/10
Description:DoS. Buffer overflow on .iCal and .oss files parsing.
Affected:MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
CVE:CVE-2007-0034 (Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability.")
 CVE-2007-0033 (Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.)
 CVE-2006-1305 (Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.)
Original documentdocumentComputer Terrorism (UK) :: Incident Response Centre, [Full-disclosure] Computer Terrorism (UK) :: Incident Response Centre - Microsoft Outlook Vulnerability (11.01.2007)
 documentMICROSOFT, Microsoft Security Bulletin MS07-003 Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938) (09.01.2007)
Files:Microsoft Security Bulletin MS07-003 Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod