[funsec] Sunbelt: VML Exploit-Vulnerable
Fergie
fergdawg at netzero.net
Fri Sep 22 17:16:32 CDT 2006
A big thanks to the hard work of the folks over at Sunbelt.
Via The Sunbelt Blog.
[snip]
Eric Sites here did some quick and dirty testing to see what versions
of Outlook are vulnerable to the VML exploit. Here’s our current list:
Outlook 2007 - 12.0.417.1006, Can view VML but apparently not vulnerable.
Outlook 2002 - not vulnerable
Outlook 2000 - not vulnerable
Outlook 2003 11.5608.8028 – not vulnerable
Outlook 2003 11.5608.5606– not vulnerable
Outlook 2003 11.6568.6568 SP2 – not tested
Outlook 2003 11.8010.8036 SP2 – vulnerable
So, ironically, your most patched version of Outlook 2003 is the most
likely at risk.
[snip]
Go figure. :-)
More here:
http://sunbeltblog.blogspot.com/2006/09/vulnerable-versions-of-outlook.html
Again, many thanks to the folks over at Sunbelt, especially
Eric Sites, and the volunteers at ZERT.
- ferg
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/
More information about the funsec
mailing list