===================================================================== CERT-Renater Note d'Information No. 2013/VULN383 _____________________________________________________________________ DATE : 11/09/2013 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Microsoft Outlook version 2007, 2010. ====================================================================== KB2756473 http://technet.microsoft.com/en-us/security/bulletin/ms13-068 ______________________________________________________________________ Microsoft Security Bulletin MS13-068 - Critical Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2756473) Published Date: September 10, 2013 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Microsoft Outlook. The vulnerability could allow remote code execution if a user opens or previews a specially crafted email message using an affected edition of Microsoft Outlook. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported editions of Microsoft Outlook 2007 and Microsoft Outlook 2010. Affected Software Microsoft Outlook 2007 Service Pack 3 Microsoft Outlook 2010 Service Pack 1 (32-bit editions) Microsoft Outlook 2010 Service Pack 2 (32-bit editions) Microsoft Outlook 2010 Service Pack 1 (64-bit editions) Microsoft Outlook 2010 Service Pack 2 (64-bit editions) Vulnerability Information Message Certificate Vulnerability - CVE-2013-3870 A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted S/MIME email messages. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. ====================================================================== ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================