Overview
A vulnerability exists in the way Microsoft Outlook handles Office Saved Searches (.oss). This vulnerability may allow a remote attacker to execute arbitrary code.
Description
Office Saved Searches (.oss) contain views of e-mail items that satisfy previous search criteria. Microsoft Outlook fails to properly parse Office Saved Searches (.oss) files. This vulnerability can be triggered when a user opens a specially crafted .oss file. Exploitation of this vulnerability may corrupt system memory, possibly resulting in the exploitation of arbitrary code. |
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code with the permissions of the user running Outlook. |
Solution
Apply an Update |
Workarounds |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://www.microsoft.com/technet/security/Bulletin/MS07-003.mspx
- http://support.microsoft.com/kb/925542/
- http://support.microsoft.com/kb/931270/
- http://support.microsoft.com/kb/925938
- http://securitytracker.com/alerts/2007/Jan/1017488.html
- http://secunia.com/advisories/23674/
- http://www.securityfocus.com/bid/21936
Acknowledgements
Microsoft reported this vulnerability in MS07-003. Microsoft credits Stuart Pearson for reporting this vulnerability.
This document was written by Katie Steiner.
Other Information
| CVE IDs: | CVE-2007-0034 |
| Severity Metric: | 22.03 |
| Date Public: | 2007-01-09 |
| Date First Published: | 2007-01-09 |
| Date Last Updated: | 2007-01-26 13:48 UTC |
| Document Revision: | 22 |