CVE-2010-0266 : Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR

Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."

Published 2010-07-15 12:57:12

Updated 2018-10-12 21:56:46

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2010-0266

Probability of exploitation activity in the next 30 days: 97.10%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2010-0266

Outlook ATTACH_BY_REF_RESOLVE File Execution

Disclosure Date: 2010-06-01

First seen: 2020-04-26

exploit/windows/email/ms10_045_outlook_ref_resolve

It has been discovered that certain e-mail message cause Outlook to create Windows shortcut-like attachments or messages within Outlook. Through specially crafted TNEF streams with certain MAPI attachment properties, it is possible to set a path name to files to be e

More information
Outlook ATTACH_BY_REF_ONLY File Execution

Disclosure Date: 2010-06-01

First seen: 2020-04-26

exploit/windows/email/ms10_045_outlook_ref_only

It has been discovered that certain e-mail message cause Outlook to create Windows shortcut-like attachments or messages within Outlook. Through specially crafted TNEF streams with certain MAPI attachment properties, it is possible to set a path name to files to be e

More information

CVSS scores for CVE-2010-0266

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2010-0266

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-0266

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-045

Microsoft Security Bulletin MS10-045 - Important | Microsoft Docs
http://www.us-cert.gov/cas/techalerts/TA10-194A.html

Microsoft Updates for Multiple Vulnerabilities | CISA
US Government Resource

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11623

Repository / Oval Repository

Products affected by CVE-2010-0266

Microsoft » Outlook » Version: 2002 Update SP3
cpe:2.3:a:microsoft:outlook:2002:sp3:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Office » Version: XP Update SP3
Microsoft » Outlook » Version: 2003 Update SP3
cpe:2.3:a:microsoft:outlook:2003:sp3:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Office » Version: 2003 Update SP3
Microsoft » Outlook » Version: 2007 Update SP1
cpe:2.3:a:microsoft:outlook:2007:sp1:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Office » Version: 2007 Update SP1
When used together with: Microsoft » Office » Version: 2007 Update SP2
Microsoft » Outlook » Version: 2007 Update SP2
cpe:2.3:a:microsoft:outlook:2007:sp2:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Office » Version: 2007 Update SP1
When used together with: Microsoft » Office » Version: 2007 Update SP2

Vulnerability Details : CVE-2010-0266