----------------------------------------------------------------------

A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI
has been released. The new version includes many new and advanced
features, which makes it even easier to stay patched.

Download and test it today:
https://psi.secunia.com/

Read more about this new version:
https://psi.secunia.com/?page=changelog

----------------------------------------------------------------------

TITLE:
Microsoft Outlook "mailto:" URI Handling Vulnerability

SECUNIA ADVISORY ID:
SA29320

VERIFY ADVISORY:
http://secunia.com/advisories/29320/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

SOFTWARE:
Microsoft Outlook 2007
http://secunia.com/product/13799/
Microsoft Outlook 2003
http://secunia.com/product/3292/
Microsoft Outlook 2002
http://secunia.com/product/34/
Microsoft Outlook 2000
http://secunia.com/product/33/
Microsoft Office XP
http://secunia.com/product/23/
Microsoft Office 2007
http://secunia.com/product/13228/
Microsoft Office 2003 Student and Teacher Edition
http://secunia.com/product/2278/
Microsoft Office 2003 Standard Edition
http://secunia.com/product/2275/
Microsoft Office 2003 Small Business Edition
http://secunia.com/product/2277/
Microsoft Office 2003 Professional Edition
http://secunia.com/product/2276/
Microsoft Office 2000
http://secunia.com/product/24/

DESCRIPTION:
A vulnerability has been reported in Microsoft Outlook, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error when handling a specially
crafted "mailto:" URI passed from a web browser.

Successful exploitation allows execution of arbitrary code when a
user e.g. visits a malicious website.

SOLUTION:
Apply patches.

Outlook 2000 SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=714a49cd-5bca-4719-96a1-e1077f279533

Outlook 2002 SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=59853687-d885-4059-9460-ee403855dbd8

Outlook 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=fccc7c4c-8496-4682-bd46-6590503c1bf2

Outlook 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=fccc7c4c-8496-4682-bd46-6590503c1bf2

Outlook 2007:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4e2baf00-88eb-4eb6-961a-54245b363c21

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Greg MacManus, iDefense Labs.

ORIGINAL ADVISORY:
MS08-015 (KB949031):
http://www.microsoft.com/technet/security/Bulletin/MS08-015.mspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------