Think you have a false positive on this rule?

Sid 1-37693


FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt


This event is generated when an attempt to execute a local file in Outlook is detected.


Attempted User Privilege Gain


CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2010-0266: Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PRATTACHMETHOD property value of ATTACHBYREFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."

Affected systems

  • microsoft outlook 2002
  • microsoft outlook 2003
  • microsoft outlook 2007

Ease of attack


Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

None Known

False negatives

None Known

Corrective action


  • Cisco's Talos Intelligence Group

Additional References