[funsec] Sunbelt: VML Exploit-Vulnerable
fergdawg at netzero.net
Fri Sep 22 17:16:32 CDT 2006
A big thanks to the hard work of the folks over at Sunbelt.
Via The Sunbelt Blog.
Eric Sites here did some quick and dirty testing to see what versions
of Outlook are vulnerable to the VML exploit. Heres our current list:
Outlook 2007 - 12.0.417.1006, Can view VML but apparently not vulnerable.
Outlook 2002 - not vulnerable
Outlook 2000 - not vulnerable
Outlook 2003 11.5608.8028 not vulnerable
Outlook 2003 11.5608.5606 not vulnerable
Outlook 2003 11.6568.6568 SP2 not tested
Outlook 2003 11.8010.8036 SP2 vulnerable
So, ironically, your most patched version of Outlook 2003 is the most
likely at risk.
Go figure. :-)
Again, many thanks to the folks over at Sunbelt, especially
Eric Sites, and the volunteers at ZERT.
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
ferg's tech blog: http://fergdawg.blogspot.com/
More information about the funsec