|MS10-041||Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)||Microsoft Outlook||Critical||12-05-2010|
Brief overview of the risk:
This security update resolves a privately reported vulnerability in Outlook Express, Windows Mail, and Windows Live Mail. The vulnerability could allow remote code execution if a user visits a malicious e-mail server. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.
Detailed Information on the risk:
An unauthenticated remote code execution vulnerability exists in the way that Windows Mail Client handles specially crafted mail responses. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted response to a client initiating a connection to a server under his control using the common mail protocols POP3 and IMAP.
Further information on this exploit is available at : MS10-030
Affected SoftwareMicrosoft Outlook Express 5.5 Service Pack 2
Microsoft Outlook Express 6
Windows Internet Explorer 8
Windows Live Mail