Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542)
This security update
resolves a privately reported vulnerability in Outlook Express, Windows
Mail, and Windows Live Mail. The vulnerability could allow remote code
execution if a user visits a malicious e-mail server. An attacker who
successfully exploited this vulnerability could gain the same user
rights as the local user. Users whose accounts are configured to have
fewer user rights on the system could be less impacted than users who
operate with administrative user rights.
security update is rated Critical for Microsoft Outlook Express on all
supported editions of Microsoft Windows 2000, Windows XP, and Windows
Server 2003; and for Windows Mail on all supported editions of Windows
Vista and Windows Server 2008. This security update is rated Important
for Windows Live Mail on all supported editions of Windows XP, Windows
Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2; and
for Windows Mail on all supported editions of Windows 7 and Windows
Server 2008 R2. For more information, see the subsection, Affected
and Non-Affected Software, in this section.
update addresses the vulnerability by correctly validating e-mail server
responses. For more information about the vulnerability, see the
Frequently Asked Questions (FAQ) subsection for the specific
vulnerability entry under the next section, Vulnerability Information.
Detay için aşağıda ki linke bakabilirsiniz.