Unchecked Buffer in Outlook Express S/MIME Parsing Could Enable System Compromise

Discussion in 'Windows OS's' started by syngod, Oct 11, 2002.

  1. syngod

    Unchecked Buffer in Outlook Express S/MIME Parsing Could Enable System Compromise (Q328676)

    Who should read this bulletin: Customers using Microsoft® Outlook Express

    Impact of vulnerability: Run code of attacker's choice.

    Maximum Severity Rating: Critical

    Recommendation: Customers using Outlook Express should apply the patch.

    Affected Software:

    -Microsoft Outlook Express 6.0
    -Microsoft Outlook Express 5.5

    Note: Microsoft Outlook is a different product than Microsoft Outlook Express, and is not affected by the vulnerability.

    Description of the vulnerability:

    This is a buffer overrun vulnerability. An attacker who successfully exploited this vulnerability against another user’s system would be able to take any action that the system’s legitimate user could take. This could include adding, deleting or modifying data files, communicating with web sites, reformatting the hard drive, and other actions.

    The vulnerability does not affect users of Microsoft Outlook. Even in a successful attack, the attacker would not necessarily gain complete control over the system. Specifically, in a successful attack the attacker would gain the privileges of the user, rather than the operating system. If the user’s account had been configured to limit its privileges on the system, the attacker would likewise be limited.

    Download Security Update.
    Security Bulletin @ MS Technet
     
