Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (2756473)

ITS Advisory Number: 
2013-079
Date(s) Issued: 
Tuesday, September 10, 2013
Subject: 
Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (2756473)
Overview: 

A vulnerability has been identified in Microsoft Office Outlook. Microsoft Office Outlook is an email client. The vulnerability could allow remote code execution if a user opens or previews a specially crafted email message using an affected edition of Microsoft Outlook. Successful exploitation of the vulnerability could allow an attacker to gain the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Systems Affected: 
  • Microsoft Outlook 2007
  • Microsoft Outlook 2010
RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
High
BUSINESS
Large and medium business entities: 
High
Small business entities: 
High
Home Users: 
High
Description: 

A vulnerability has been identified in Microsoft Office Outlook which could allow remote code execution. This vulnerability is caused by the way that Microsoft Outlook parses specially crafted S/MIME email messages. The vulnerability could executed if a user opens or previews a specially crafted email message using an affected edition of Microsoft Outlook. Successful exploitation of the vulnerability could allow an attacker to gain the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Actions: 
  • Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing.
  • Remind users not to open suspicious emails from unknown sources.
References: 
Microsoft:
https://technet.microsoft.com/en-us/security/bulletin/ms13-068
CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3870