CVE-2010-0266 - Vulnerability Details - OpenCVE

Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.82804.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Office Outlook

Configuration 1 [-]

AND

cpe:2.3:a:microsoft:outlook:2002:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:a:microsoft:outlook:2003:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:a:microsoft:outlook:2007:sp1::::::
	cpe:2.3:a:microsoft:outlook:2007:sp2::::::

OR	cpe:2.3:a:microsoft:office:2007:sp1::::::
	cpe:2.3:a:microsoft:office:2007:sp2::::::

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.us-cert.gov/cas/techalerts/TA10-194A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-045
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11623

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2010-07-14T18:31:00

Updated: 2024-08-07T00:45:11.374Z

Reserved: 2010-01-07T00:00:00

Link: CVE-2010-0266

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-07-15T12:57:12.453

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-0266

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-07-13T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka \"Microsoft Outlook SMB Attachment Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "oval:org.mitre.oval:def:11623", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11623"}, {"name": "TA10-194A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-194A.html"}, {"name": "MS10-045", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-045"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2010-0266", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka \"Microsoft Outlook SMB Attachment Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "oval:org.mitre.oval:def:11623", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11623"}, {"name": "TA10-194A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA10-194A.html"}, {"name": "MS10-045", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-045"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:45:11.374Z"}, "title": "CVE Program Container", "references": [{"name": "oval:org.mitre.oval:def:11623", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11623"}, {"name": "TA10-194A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-194A.html"}, {"name": "MS10-045", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-045"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2010-0266", "datePublished": "2010-07-14T18:31:00", "dateReserved": "2010-01-07T00:00:00", "dateUpdated": "2024-08-07T00:45:11.374Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:outlook:2002:sp3:*:*:*:*:*:*", "matchCriteriaId": "ACCF73A2-FFD7-41E0-B1BF-E5B4590F51FF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*", "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:outlook:2003:sp3:*:*:*:*:*:*", "matchCriteriaId": "EE5F1440-2005-48E2-ABDE-231381026FED", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*", "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:outlook:2007:sp1:*:*:*:*:*:*", "matchCriteriaId": "2B7EA16B-9331-437A-9E13-433C432F8624", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook:2007:sp2:*:*:*:*:*:*", "matchCriteriaId": "65C99802-F2D9-4B57-95A6-AD12A856ADC8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*", "matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D", "vulnerable": false}, {"criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*", "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka \"Microsoft Outlook SMB Attachment Vulnerability.\""}, {"lang": "es", "value": "Microsoft Office Outlook 2002 SP3, 2003 SP3, y 2007 SP1 y SP2 no verifica correctamente adjuntos en correo electr\u00f3nico con un valor adecuado PR_ATTACH_METHOD de ATTACH_BY_REFERENCE, el cual permite a atacantes remotos ayudados por el usuario ejecutar c\u00f3digo arbitrario mediante mensajes manipulados, tambi\u00e9n conocidos como \"Vulnerabilidad Microsoft Outlook SMB en adjuntos\"."}], "id": "CVE-2010-0266", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-07-15T12:57:12.453", "references": [{"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-194A.html"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-045"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11623"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-194A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-045"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11623"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}