(MS10-064) Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2315011)

  Severity: CRITICAL
  CVE Identifier: CVE-2010-2728
  Advisory Date: FEB 20, 2013

  DESCRIPTION

This security update addresses a vulnerability that could allow remote code execution once a user opened a specially crafted email message via an affected version of Microsoft Outlook. The said MS Outlook should be connected to an Exchange server with Online Mode in order to be vulnerable. In addition, this vulnerability also gives an attacker user rights to the system.

  TREND MICRO PROTECTION INFORMATION

For information on patches specific to the affected software, please refer to this Microsoft Web page.

  AFFECTED SOFTWARE AND VERSION

  • Microsoft Office 2003 Service Pack 3
  • Microsoft Office XP Service Pack 3