Follow @discotekdotca
CVE-2007-0034
Current Description
Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."
Basic Data
| Published | January 09, 2007 |
|---|---|
| Last Modified | October 16, 2018 |
| Assigner | cve@mitre.org |
| Data Type | CVE |
| Data Format | MITRE |
| Data Version | 4.0 |
| Problem Type | CWE-119 |
| CVE Data Version | 4.0 |
Base Metric V2
| CVSS 2 - Version | 2.0 |
|---|---|
| CVSS 2 - Vector String | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| CVSS 2 - Access Vector | NETWORK |
| CVSS 2 - Access Complexity | MEDIUM |
| CVSS 2 - Authentication | NONE |
| CVSS 2 - Confidentiality Impact | COMPLETE |
| CVSS 2 - Availability Impact | COMPLETE |
| CVSS 2 - Base Score | 9.3 |
| Severity | HIGH |
| Exploitability Score | 8.6 |
| Impact Score | 10.0 |
| Obtain All Privilege | true |
| Obtain User Privilege | false |
| Obtain Other Privilege | false |
Base Metric V3
No data provided.
Configurations
-
OR - Configuration 1
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 Application Microsoft Office 2000 sp3 * * * * * * � � � � 2.3 Application Microsoft Outlook 2000 * * * * * * * � � � � -
OR - Configuration 2
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 Application Microsoft Office xp sp3 * * * * * * � � � � 2.3 Application Microsoft Outlook 2002 * * * * * * * � � � � -
OR - Configuration 3
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 Application Microsoft Office 2003 sp2 * * * * * * � � � � 2.3 Application Microsoft Outlook 2003 * * * * * * * � � � �
Vulnerable Software List
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Office | 2000, 2003, xp |
| Microsoft | Outlook | 2000, 2002, 2003 |
References
| Name | Source | URL | Tags |
|---|---|---|---|
| 23674 | http://secunia.com/advisories/23674 | SECUNIA | Vendor Advisory |
| 1017488 | http://securitytracker.com/id?1017488 | SECTRACK | |
| http://www.computerterrorism.com/research/ct09-01-2007.htm | http://www.computerterrorism.com/research/ct09-01-2007.htm | MISC | |
| VU#271860 | http://www.kb.cert.org/vuls/id/271860 | CERT-VN | US Government Resource |
| 31254 | http://www.osvdb.org/31254 | OSVDB | |
| 20070111 Computer Terrorism (UK) :: Incident Response Centre - Microsoft Outlook Vulnerability | http://www.securityfocus.com/archive/1/456589/100/0/threaded | BUGTRAQ | |
| HPSBST02184 | http://www.securityfocus.com/archive/1/457274/100/0/threaded | HP | |
| 21936 | http://www.securityfocus.com/bid/21936 | BID | |
| TA07-009A | http://www.us-cert.gov/cas/techalerts/TA07-009A.html | CERT | US Government Resource |
| ADV-2007-0104 | http://www.vupen.com/english/advisories/2007/0104 | VUPEN | Vendor Advisory |
| MS07-003 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-003 | MS | |
| oval:org.mitre.oval:def:153 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A153 | OVAL |