CVE-2010-0266
Microsoft Outlook 2002 SP3, 2003 SP3, 2007 SP1/SP2 - Remote Code Execution via SMB Attachment Handling
Title source: llmExploitation Summary
EIP tracks 4 public exploits for CVE-2010-0266.
PoCs published by Metasploit, including Metasploit module exploits/windows/email/ms10_045_outlook_ref_resolve.
AI-analyzed exploit summary This Metasploit module exploits CVE-2010-0266 by crafting a malicious TNEF stream in an email attachment, which, when opened in Outlook, executes a payload fetched from a WebDAV server. The exploit leverages the ATTACH_BY_REF_RESOLVE vulnerability to execute arbitrary code.
Description
Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
Exploits (4)
This Metasploit module exploits CVE-2010-0266 by crafting a malicious TNEF stream in an email attachment, which, when opened in Outlook, executes a payload fetched from a WebDAV server. The exploit leverages the ATTACH_BY_REF_RESOLVE vulnerability to execute arbitrary code.
This Metasploit module exploits CVE-2010-0266 by crafting a malicious email with a TNEF attachment that, when clicked, executes a payload via a WebDAV share. It includes both SMTP delivery and HTTP server components to serve the payload.
This Metasploit module exploits CVE-2010-0266 by crafting a malicious email with a TNEF attachment that triggers Outlook to execute a remote file via a WebDAV share. The exploit sets up an HTTP server to serve the payload and handles WebDAV requests to deliver the executable.
This Metasploit module exploits CVE-2010-0266 by crafting a malicious email with a TNEF attachment that references a remote executable via WebDAV. When the user interacts with the attachment, Outlook executes the file from the attacker-controlled server.