CVE-2010-0266

CVE

CriticalConfirmedExploit available

Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD prope…

CVSS

9.3

Critical

EPSS

0.55

p98

Published

2010-01-01

Updated

2010-01-01

Description

Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."

Tags · CWE

CWE-94

CAPEC-35

CAPEC-77

CAPEC-242

Affected products

OutlookOutlookOutlook

CVSS vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Timeline

2010-01-01

Published

2010-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: M

Medium

Authentication

Au: N

None (N)

Confidentiality Impact

C: C

Complete

Integrity Impact

I: C

Complete

Availability Impact

A: C

Complete

Exploit indicators

EPSS

0.553 · p98

Known exploited (KEV)

MITRE ATT&CK

Inferred via CAPEC

T1027.006HTML Smuggling

└ via CAPEC-35 · CWE-94

T1027.009Embedded Payloads

└ via CAPEC-35 · CWE-94

T1564.009Resource Forking

└ via CAPEC-35 · CWE-94

Known exploits — Сканер-ВС

16699

exploitdb · https://www.exploit-db.com/exploits/16699

Enterprise

16700

exploitdb · https://www.exploit-db.com/exploits/16700

Enterprise

Affected products

Microsoft

Office Outlook

Product	Vendor	Status
outlook	*	Tracked
outlook	*	Tracked
outlook	*	Tracked

Source databases

CVE