Sid 1-44669

Message

FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt

Summary

This event is generated when an attempt to execute a local file in Outlook is detected.

Impact

Attempted User Privilege Gain

CVE-2010-0266:

CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2010-0266: Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."

Affected systems

  • microsoft outlook 2002
  • microsoft outlook 2003
  • microsoft outlook 2007

Ease of attack

CVE-2010-0266:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

None Known

False negatives

None Known

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • technet.microsoft.com/en-us/security/bulletin/MS10-045