[原文]** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Microsoft Outlook/Exchange TNEF Decoding Arbitrary Code Execution
Loss of Integrity
Patch / RCS
Microsoft Outlook and Exchange contain a flaw that may allow arbitrary code execution. The issue is due to the servers not properly sanitizing input via e-mail messages. By sending an e-mail with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, a user who views (opens or previews) the e-mail will execute custom code sent by an attacker.
Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.