A vulnerability exists in the way Microsoft Outlook handles Office Saved Searches (.oss). This vulnerability may allow a remote attacker to execute arbitrary code.
Office Saved Searches (.oss) contain views of e-mail items that satisfy previous search criteria.
Microsoft Outlook fails to properly parse Office Saved Searches (.oss) files. This vulnerability can be triggered when a user opens a specially crafted .oss file. Exploitation of this vulnerability may corrupt system memory, possibly resulting in the exploitation of arbitrary code.
A remote, unauthenticated attacker may be able to execute arbitrary code with the permissions of the user running Outlook.
Apply an Update
Microsoft reported this vulnerability in MS07-003. Microsoft credits Stuart Pearson for reporting this vulnerability.
This document was written by Katie Steiner.
|Date First Published:||2007-01-09|
|Date Last Updated:||2007-01-26 13:48 UTC|