=====================================================================
                                    CERT-Renater

                         Information Note No. 2008/VULN083
_____________________________________________________________________

DATE                      : 12/03/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Microsoft Outlook.

======================================================================
http://www.microsoft.com/technet/security/bulletin/MS08-015.mspx
______________________________________________________________________

Microsoft Security Bulletin MS08-015 - Critical
Vulnerability in Microsoft Outlook Could Allow Remote Code Execution
(949031)

     Published: March 11, 2008
     Version: 1.0

     This security update resolves a privately reported vulnerability
     in Microsoft Office Outlook. The vulnerability could allow remote
     code execution if Outlook is passed a specially crafted mailto
     URI. An attacker could then install programs; view, change, or
     delete data; or create new accounts with full user rights. Users
     whose accounts are configured to have fewer user rights on the
     system could be less impacted than users who operate with
     administrative user rights. This vulnerability is not exploitable
     by simply viewing an e-mail through the Outlook preview pane.

     This security update is rated Critical for supported editions of
     Microsoft Office Outlook 2000 Service Pack 3, Outlook 2002 Service
     Pack 3, Outlook 2003 Service Pack 2 and Service Pack 3, and Outlook
     2007.

Affected Software

     o Microsoft Office 2000 Service Pack 3
     o Microsoft Office XP Service Pack 3
     o Microsoft Office 2003 Service Pack 2
     o Microsoft Office 2003 Service Pack 3
     o 2007 Microsoft Office System

Vulnerability Information

Outlook URI Vulnerability - CVE-2008-0110

     o A remote code execution vulnerability exists in Outlook. The
       vulnerability could allow remote code execution if Outlook is
       passed a specially crafted mailto URI. An attacker could then install
       programs; view, change, or delete data; or create new accounts
       with full user rights. Users whose accounts are configured to
       have fewer user rights on the system could be less impacted than
       users who operate with administrative user rights.

Workarounds for Outlook URI Vulnerability - CVE-2008-0110

    o Disable the Outlook mailto handler

Disabling the mailto handler in the system registry helps protect
affected systems from attempts to exploit this vulnerability.

Perform the following steps:

1.  Click Start, click Run, type regedit and then click OK.

2.  Expand HKEY_CLASSES_ROOT.

3.  Expand mailto.

4.  To back up the registry before you edit it, left-click the File menu
     and select Export... In the Export Registry File dialog box, type
     mailto_backup.reg and select Save.

5.  Right-click on "mailto" and select Delete.

Impact of Workaround: Users who have configured their systems with this
workaround will be unable to process mailto requests that would normally
launch any application's mailto action.

How to Undo the Workaround:

1.  Click Start, click Run, type regedit and then click OK.

2.  Expand HKEY_CLASSES_ROOT.

3.  Expand mailto.

4.  To restore the registry, left-click the File menu and select
     Import... In the Import Registry File dialog box, select
     mailto_backup.reg and select Open.
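
A scripted equivalent of the workaround and its undo, as an added example
that is not part of the Microsoft bulletin or of this note. It calls reg.exe
from an elevated PowerShell prompt; the function names and the backup
location in the user profile are assumptions.

```powershell
# Added example, not from the bulletin. Run from an elevated prompt.
$Key    = 'HKCR\mailto'                          # key the bulletin says to delete
$PsKey  = 'Registry::HKEY_CLASSES_ROOT\mailto'   # same key, provider path
$Backup = Join-Path $env:USERPROFILE 'mailto_backup.reg'  # location is an assumption

function Disable-MailtoHandler {                 # hypothetical helper name
    if (-not (Test-Path $PsKey)) {
        Write-Output 'mailto handler already absent; nothing to do.'
        return
    }
    # Never overwrite an earlier backup: it may be the only copy of the key.
    if (Test-Path $Backup) {
        throw "Backup $Backup already exists; move it aside before re-running."
    }
    & reg.exe export $Key $Backup | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $Backup) -or
        (Get-Item $Backup).Length -eq 0) {
        throw 'Export failed; the key was NOT deleted.'
    }
    & reg.exe delete $Key /f | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Delete failed; check elevation and retry.' }
    # HKCR is a merged view of HKLM\Software\Classes and HKCU\Software\Classes,
    # so a copy of the handler can survive in the other hive.
    if (Test-Path $PsKey) {
        Write-Warning 'mailto is still visible under HKCR; check both hives.'
    } else {
        Write-Output "mailto handler removed; backup saved to $Backup"
    }
}

function Restore-MailtoHandler {                 # hypothetical helper name
    if (-not (Test-Path $Backup)) { throw "No backup at $Backup; cannot restore." }
    & reg.exe import $Backup | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $PsKey)) {
        throw 'Import failed; the mailto handler is still missing.'
    }
    Write-Output 'mailto handler restored from backup.'
}
```

Call Disable-MailtoHandler to apply the workaround and Restore-MailtoHandler
once the security update is installed.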

======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================




