funsec mailing list archives

Sunbelt: VML Exploit-Vulnerable

From: "Fergie" <fergdawg () netzero net>
Date: Fri, 22 Sep 2006 22:16:32 GMT

A big thanks to the hard work of the folks over at Sunbelt.

Via The Sunbelt Blog.

[snip]

Eric Sites here did some quick and dirty testing to see what versions
of Outlook are vulnerable to the VML exploit.  Heres our current list:

Outlook 2007 - 12.0.417.1006, Can view VML but apparently not vulnerable.  
Outlook 2002 - not vulnerable
Outlook 2000 - not vulnerable
Outlook 2003 11.5608.8028  not vulnerable
Outlook 2003 11.5608.5606 not vulnerable
Outlook 2003 11.6568.6568 SP2  not tested
Outlook 2003 11.8010.8036 SP2  vulnerable

So, ironically, your most patched version of Outlook 2003 is the most
likely at risk. 

[snip]

Go figure. :-)

More here:
http://sunbeltblog.blogspot.com/2006/09/vulnerable-versions-of-outlook.html

Again, many thanks to the folks over at Sunbelt, especially
Eric Sites, and the volunteers at ZERT.

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Sunbelt: VML Exploit-Vulnerable Fergie (Sep 22)