Microsoft Outlook SMB Attachment ATTACH_BY_REFERENCE vulnerabilityAdded: 07/16/2010
BackgroundMicrosoft Outlook is an e-mail client which also provides calendar, scheduling, contact management, and information sharing capabilities.
ProblemA vulnerability in Microsoft Outlook allows command execution when a user opens an e-mail message containing a specially crafted attachment with the PR_ATTACH_METHOD property set to ATTACH_BY_REFERENCE.
ResolutionApply the patch referenced in Microsoft Security Bulletin 10-045.
LimitationsExploit works on Microsoft Office Outlook 2007 SP2.
After launching the exploit, download the exploit file onto the specified SMB share. The specified SMB share must be accessible by the target user.
Back to exploit index