{"vuid":"VU#476900","idnumber":"476900","name":"Microsoft Outlook fails to properly process a VEVENT record","keywords":["Microsoft","Outlook","remote code execution","VEVENT record","ms07-jan"],"overview":"Microsoft Outlook contains a memory corruption vulnerability that could enable an attacker to execute arbitrary code and gain complete control of the vulnerable system.","clean_desc":"Microsoft Outlook fails to properly handle malformed VEVENT records. When an .iCal meeting request containing a VEVENT record is opened, Outlook does not properly perform data validation on the record. An attacker could send a specially crafted .ics file in the request that, when opened, could corrupt system memory allowing the attacker to execute arbitrary code. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.","impact":"An attacker could gain complete control of the affected system and execute arbitrary code.","resolution":"Microsoft addresses this vulnerability with the updates listed in Microsoft Security Bulletin MS07-003. Note that Microsoft has documented known issues that occur after applying this update. See Microsoft Knowledgebase article 925938 for details.","workarounds":"Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.","sysaffected":"","thanks":"Thanks to Lurene Grenier of \nSourcefire\n for reporting this vulnerability","author":"This document was written by Joseph W Pruszynski.","public":["http://www.microsoft.com/technet/security/Bulletin/MS07-003.mspx","http://support.microsoft.com/kb/925542/","http://support.microsoft.com/kb/931270/","http://support.microsoft.com/kb/925938","http://securitytracker.com/alerts/2007/Jan/1017488.html","http://secunia.com/advisories/23674/","http://www.securityfocus.com/bid/21931"],"cveids":["CVE-2007-0033"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-01-09T18:31:39Z","publicdate":"2007-01-09T00:00:00Z","datefirstpublished":"2007-01-09T19:45:15Z","dateupdated":"2007-01-26T13:51:17Z","revision":23,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"15","cam_internetinfrastructure":"5","cam_population":"20","cam_impact":"17","cam_easeofexploitation":"15","cam_attackeraccessrequired":"18","cam_scorecurrent":"60.24375","cam_scorecurrentwidelyknown":"68.85","cam_scorecurrentwidelyknownexploited":"77.45625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":60.24375,"vulnote":null}