‫ Microsoft Outlook S/MIME Double-Free Vulnerability

IRCAD2013092867
ID: IRCAD2013092867
Release Date: 2013-09-10
Criticality level: Highly critical
Software:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Outlook 2007
Microsoft Outlook 2010
Description:                                                         
A vulnerability has been reported in Microsoft Outlook, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a double-free error within the "CSMime::SMIMEINFOToOptions()" function when handling nested signed S/MIME email messages and can be exploited to corrupt memory.
Successful exploitation may allow execution of arbitrary code.
Solution
Apply updates.
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 1 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 1 (64-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
References:
MS13-068 (KB2794707, KB2825999):
Secunia
http://secunia.com/advisories/54729/

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 21 شهریور 1392

امتیاز

امتیاز شما
تعداد امتیازها:0