CVE-2010-0266 - OpenCVE

Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Office Outlook

Configuration 1 [-]

AND

cpe:2.3:a:microsoft:outlook:2002:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:a:microsoft:outlook:2003:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:a:microsoft:outlook:2007:sp1::::::
	cpe:2.3:a:microsoft:outlook:2007:sp2::::::

OR	cpe:2.3:a:microsoft:office:2007:sp1::::::
	cpe:2.3:a:microsoft:office:2007:sp2::::::

References

Link	Resource
http://www.us-cert.gov/cas/techalerts/TA10-194A.html	US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-045
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11623

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2010-07-14T18:31:00

Updated: 2018-10-12T19:57:01

Reserved: 2010-01-07T00:00:00

Link: CVE-2010-0266

JSON object: View

NVD Information

Status : Modified

Published: 2010-07-15T12:57:12.453

Modified: 2018-10-12T21:56:46.257

Link: CVE-2010-0266

JSON object: View

Redhat Information

No data.

CWE

CWE-94

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-07-13T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka \"Microsoft Outlook SMB Attachment Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "oval:org.mitre.oval:def:11623", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11623"}, {"name": "TA10-194A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-194A.html"}, {"name": "MS10-045", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-045"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2010-0266", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka \"Microsoft Outlook SMB Attachment Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "oval:org.mitre.oval:def:11623", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11623"}, {"name": "TA10-194A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA10-194A.html"}, {"name": "MS10-045", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-045"}]}}}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2010-0266", "datePublished": "2010-07-14T18:31:00", "dateReserved": "2010-01-07T00:00:00", "dateUpdated": "2018-10-12T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:outlook:2002:sp3:*:*:*:*:*:*", "matchCriteriaId": "ACCF73A2-FFD7-41E0-B1BF-E5B4590F51FF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*", "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:outlook:2003:sp3:*:*:*:*:*:*", "matchCriteriaId": "EE5F1440-2005-48E2-ABDE-231381026FED", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*", "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:outlook:2007:sp1:*:*:*:*:*:*", "matchCriteriaId": "2B7EA16B-9331-437A-9E13-433C432F8624", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook:2007:sp2:*:*:*:*:*:*", "matchCriteriaId": "65C99802-F2D9-4B57-95A6-AD12A856ADC8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*", "matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D", "vulnerable": false}, {"criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*", "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka \"Microsoft Outlook SMB Attachment Vulnerability.\""}, {"lang": "es", "value": "Microsoft Office Outlook 2002 SP3, 2003 SP3, y 2007 SP1 y SP2 no verifica correctamente adjuntos en correo electr\u00f3nico con un valor adecuado PR_ATTACH_METHOD de ATTACH_BY_REFERENCE, el cual permite a atacantes remotos ayudados por el usuario ejecutar c\u00f3digo arbitrario mediante mensajes manipulados, tambi\u00e9n conocidos como \"Vulnerabilidad Microsoft Outlook SMB en adjuntos\"."}], "id": "CVE-2010-0266", "lastModified": "2018-10-12T21:56:46.257", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-07-15T12:57:12.453", "references": [{"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-194A.html"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-045"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11623"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}