Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution
Description: This security update resolves a privately reported vulnerability in Outlook Express, Windows Mail, and Windows Live Mail. The vulnerability could allow remote code execution if a user visits a malicious e-mail server. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses the vulnerability by correctly validating e-mail server responses.
Update type: Critical
Release date: May 11, 2010
Applies to: All versions
Knowledge base: http://support.microsoft.com/kb/978542
- Outlook Express and Windows Mail Integer Overflow Vulnerability – CVE-2010-0816
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB978542.