Sunil Vakharia
Hi,
There are two related issues:
1. Outlook Predictable File Location Weakness
a. http://secunia.com/advisories/11572/ Last Update: 2004-June-07
b. http://www.securityfocus.com/bid/10307/info/
Both these links mention that: Unconfirmed reports suggest that this issue
may have been silently patched by Microsoft. These fixes may have been
included in Office updates from May 14th or May 17th, 2004.
There is another reference from the person who created the exploit which is
available at http://www.securityfocus.com/archive/1/365156
2. Outlook RTF Embedded OLE Object Security Bypass/ Media File Script
Execution Vulnerability
a. http://secunia.com/advisories/11629/ Last Update: 2004-June-07
b. http://www.securityfocus.com/bid/10369 Last Update: 2004-May-26
c. CAN-2004-0503
Exploit: http://www.malware.com/rockIT.zip
When last tested on 25 May, the exploit worked on Windows XP SP1 with
Outlook 2003. But it no longer works on Outlook 2003 SP1 or even without it.
Other references: http://www.kb.cert.org/vuls/id/713878
COMMENTS INVITED
Regards,
Sunil Vakharia