| VID |
26333 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (MS08-015, 949031) for 'Remote Code Execution Vulnerability in Microsoft Outlook' has not been applied. Microsoft Outlook 2000, XP, 2003 and 2007 could allow a remote attacker to execute arbitrary code on the affected host, caused by a vulnerability when processing a specially-crafted URI mailto link. By convincing a user to open a specially-crafted email, an attacker could execute arbitrary code with the privileges of the user running Outlook. If the user is logged in with administrative privileges, the attacker could take complete control of a vulnerable system.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/bulletin/ms08-015.mspx
http://www.us-cert.gov/cas/techalerts/TA08-071A.html
http://www.kb.cert.org/vuls/id/393305
http://www.frsirt.com/english/advisories/2008/0847
http://www.securitytracker.com/id?1019579
http://secunia.com/advisories/29320
* Platforms Affected:
Microsoft Outlook 2000, XP, 2003 and 2007
Microsoft Windows Any version |
| Recommendation |
Apply the appropriate patch (949031) for your system, as listed in Microsoft Security Bulletin MS08-015 at http://www.microsoft.com/technet/security/bulletin/ms08-015.mspx
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com . Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2008-0110 (CVE) |
| Related URL |
28147 (SecurityFocus) |
| Related URL |
40884,40886 (ISS) |
|
