which could be exploited by attackers to take complete control of an affected system or cause a denial of service.
The first issue is due to a memory corruption error when processing
specially crafted ".iCal" meeting requests and parsing malformed VEVENT
requests, which could be exploited by attackers to execute arbitrary
commands.
The second vulnerability is due to an error when processing malformed
email headers, which could be exploited by attackers to crash a
vulnerable application via a specially crafted email.
The third vulnerability is due to a memory corruption error when
processing a malformed Office Saved Searches (.oss) file, which could
be exploited by attackers to execute arbitrary commands via a specially
crafted email.
Affected Products
Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 2
Microsoft Outlook 2000
Microsoft Outlook 2002
Microsoft Outlook 2003
Solution
Security update for Microsoft Outlook 2000 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=97CE0B32-C6AF-4C6C-ABF1-838ED89062EB
Security update for Microsoft Outlook 2002 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=1D1991C5-3DE3-4258-9120-058FFD62B4F5
Security update for Microsoft Outlook 2003 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=9E4DD8AE-2564-4176-AC2E-E3760058CB56
