<< Back
CVE Number Vulnerability Product Severity Date
MS10-064 Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2315011) 2007 Microsoft Critical 15-09-2010

Technical Information

Brief overview of the risk:
This security update resolves a privately reported vulnerability. The vulnerability could allow remote code execution if a user opened or previewed a specially crafted e-mail message using an affected version of Microsoft Outlook that is connected to an Exchange server with Online Mode. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.
Detailed Information on the risk:

A remote code execution vulnerability exists in the way that Microsoft Outlook parses content in a specially crafted e-mail message. This vulnerability exists only in configurations where Outlook connects to an Exchange Server in Online Mode. Configurations where Outlook connects to an Exchange Server in the Cached Exchange Mode are not affected. In addition, configurations where Outlook uses POP or IMAP mail servers only are not affected by this vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


Further information on this exploit is available at : MS10-064

Affected Software

2007 Microsoft Office System Service Pack 2
Microsoft Office 2003 Service Pack 3
Microsoft Office XP Service Pack 3