CVE-2013-3870

Severity

93%

Complexity

86%

Confidentiality

165%

Double free vulnerability in Microsoft Outlook 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to execute arbitrary code by including many nested S/MIME certificates in an e-mail message, aka "Message Certificate Vulnerability."

Double free vulnerability in Microsoft Outlook 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to execute arbitrary code by including many nested S/MIME certificates in an e-mail message, aka "Message Certificate Vulnerability."

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

Microsoft Outlook

First reported 11 years ago

2013-09-11 14:03:00

Last updated 6 years ago

2018-10-12 22:05:00

Affected Software

Microsoft Outlook 2007 sp3

2007

Microsoft Outlook 2010 sp1 x64 (64bit)

2010

Microsoft Outlook 2010 x86 (32bit)

2010
x86

Microsoft Outlook 2010 sp2 x64 (64bit)

2010

Microsoft Outlook 2010 sp2 x86 (32bit)

2010
x86

References

http://blogs.technet.com/b/srd/archive/2013/09/10/assessing-risk-for-the-september-2013-security-updates.aspx

Vendor Advisory

http://blogs.technet.com/b/srd/archive/2013/09/10/ms13-068-a-difficult-to-exploit-double-free-in-outlook.aspx

Exploit, Vendor Advisory

TA13-253A

US Government Resource

MS13-068

oval:org.mitre.oval:def:18857

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.