01.09.2007 - MS07-003: Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938)

Microsoft Outlook VEVENT Vulnerability - CVE-2007-0033 A remote code execution vulnerability exists in Microsoft Outlook. An attacker could exploit this vulnerability when Outlook parses a file and processes a malformed VEVENT record. Microsoft Outlook Denial of Service Vulnerability – CVE-2006-1305 A denial of service vulnerability exists in Outlook in its processing of e-mail header information. An attacker who successfully exploited the vulnerability could send a malformed e-mail to a user of Outlook that would cause the Outlook client to fail under certain circumstances. The Outlook client would continue to fail so long as the malformed e-mail message remained on the e-mail server. The e-mail message could be deleted by an e-mail administrator, or by the user via another e-mail client such as Outlook Web Access or Outlook Express, after which point the Outlook client would again function normally. Microsoft Outlook Advanced Find Vulnerability - CVE-2007-0034 A remote code execution vulnerability exists in Microsoft Outlook. An attacker could exploit this vulnerability when Outlook parses an .oss file. - Download Microsoft Outlook 2000 SP3 - Download Microsoft Outlook 2002 SP3 - Download Microsoft Outlook 2003 SP2 - View Microsoft Security Bulletin MS07-003 - View Microsoft Knowledge Base Article - 925938 - Visit Microsoft Corporation