Microsoft.Outlook.Remote.Code.Execution.MS07-003

description-logoDescription

Microsoft Outlook is a personal e-mail management tool and calendar software. In Jan. 2009, Microsoft released Security Bulletin MS07-003 regarding to three vulnerabilities in it.
A denial-of-service vulnerability was found in Outlook due to the improper way of handling certain email message headers. Remote attacker can cause the Outlook client to fail by sending a malformed e-mail having long subject lines or large numbers of recipients in To or CC headers to a user of Outlook. (CVE-2006-1305)
Lurene Grenier of Sourcefire reported a memory corruption vulnerability in Outlook due to improper handling of malformed VEVENT records. Remote attacker can corrupt system memory and execute arbitrary code on user's system by sending an .iCal meeting request containing a crafted VEVENT record and tricking user to open it. (CVE-2007-0033)
Stuart Pearson reported a memory corruption vulnerability in Outlook due to improper handling of malformed Office Saved Searches (.oss) files. Remote attacker can corrupt system memory and execute arbitrary code on user's system by sending a specially crafted .oss file and tricking user to open it. (CVE-2007-0034)

affected-products-logoAffected Products

Microsoft Office 2000 Service Pack 3 (Microsoft Outlook 2000)
Microsoft Office XP Service Pack 3 (Microsoft Outlook 2002)
Microsoft Office 2003 Service Pack 2 (Microsoft Outlook 2003)

recomended-action-logoRecommended Actions

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary 07-003(http://technet.microsoft.com/en-us/security/bulletin/ms07-003 ).
Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated-update distribution system such as Windows Server Update Services (WSUS).
As workarounds:
a. Modify the Access Control List on the "MapiCvt Class" registry key.
b. Back up and remove the MIMEDIR.DLL {0006F085-0000-0000-C000-000000000046} "MapiCvt Class" registry key.
Refer to Microsoft Security Bulletin MS07-003 for further details.
As a general rule, computer users should not open untrusted or unfamiliar Office files, particularly those hosted on web sites or delivered as email attachments.
For FortiGate users, turning on these IPS signatures can prevent exploitation of some of these vulnerabilities:
MS.Outlook.VEVENT.Record.Remote.Code.Execution
MS.Outlook.OSS.File.Download

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)