Microsoft Outlook AttachMethods Vulnerability
 |
 |
 |
 |
 |
A remote code execution vulnerability exists in the way that Microsoft Office Outlook verifies attachments in e-mail messages. A remote attacker may exploit this vulnerability to take complete control of the affected system.
Microsoft Outlook is a popular e-mail and personal information manager application. Affected versions include Microsoft Office Outlook 2002 SP3, Microsoft Office Outlook 2003 SP3, Microsoft Office Outlook 2007 SP1 and Microsoft Office Outlook 2007 SP2. Due to this vulnerability, when a user attempts to open an attachment in a specially crafted e-mail message, instead of opening the attachment as expected, an attacker’s crafted executable file could be run.
The Check Point IPS Software Blade detects and blocks attempts to bypass the Outlook attachment filter. For more information, see CPAI-2010-218.