Sourcefire Identifies Microsoft Outlook Vulnerability

January 11, 2007; 09:38 AM
Open source innovator and SNORT® creator, Sourcefire, Inc., a leader in network intrusion prevention, today announced that the Sourcefire® Vulnerability Research Team (VRT) discovered Microsoft® Outlook® VEVENT Vulnerability - CVE-2007-0033. Following the discovery, Sourcefire notified Microsoft and created a Snort rule (available at: http://www.snort.org/vrt/advisories/vrt-rules-2007-01-09.html) to protect users against potential exploits.

Due to a remote code execution vulnerability, Microsoft Outlook does not perform sufficient data validation when processing the contents of an .iCal meeting request (used to create and send meeting requests over the Internet or outside an organization). When Outlook opens a specially crafted .iCal meeting request and parses a malformed VEVENT request, it may corrupt system memory in such a way that an attacker could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update removes the vulnerability by modifying the way that Outlook validates the length of an .iCal meeting request before it passes the message to the allocated buffer.

The Sourcefire VRT is a leading vulnerability research group chartered with researching new vulnerabilities and creating methods for detecting and preventing attempts to exploit them. The team utilizes advanced protocol modeling to write rules that detect potential attacks against the underlying vulnerabilities used by many worms and malicious scripts as their attack vectors.

“As technology continues to advance, so do the threats that look for vulnerabilities to exploit,” said Matt Watchinksi, Director of the Sourcefire Vulnerability Research Team. “Customers need to know that their security solutions are backed by a research team that proactively works to ensure the best protection possible. The Sourcefire VRT strives to lead the industry in delivering protection against the latest threats. In many cases the Snort community and Sourcefire users are protected well before an exploit is ever released.”

Lurene Grenier, Senior Research Engineer for the Sourcefire VRT, who discovered the vulnerability, will be conducting a vulnerability exploitation tutorial February 4-5 at RSA Conference 2007 in San Francisco, CA. For more information on the tutorial and/or to register, please visit: http://www.rsaconference.com/2007/us/content/tutorials/.

About the Sourcefire Vulnerability Research Team

The Sourcefire VRT is comprised of leading edge network security experts working to proactively discover, assess, and respond to the latest trends in hacking activity, intrusion attempts, and vulnerabilities. This team collaborates extensively with hundreds of network security professionals in the open source community to research and validate new vulnerabilities and exploits.

About Sourcefire

Sourcefire, Inc., a leading provider of intelligence driven, open source network security solutions, is transforming the way organizations manage and minimize network security risks with its 3D Approach - Discover, Determine, Defend - to securing real networks in real-time. The company's network defense system unifies intrusion and vulnerability management technologies to provide customers with superior network security. Founded in 2001 by the creator of Snort, Sourcefire is headquartered in Columbia, MD and has been consistently recognized for its innovation and industry leadership by customers, media, and industry analysts alike – with more than 18 awards and accolades since January 2005 alone. Recently, the company was positioned in the Leaders Quadrant of Gartner’s “Magic Quadrant for Network Intrusion Prevention System Appliances 2H06” report and the Sourcefire 3D System was named “Best Security Solution,” at the 2006 SC Magazine Awards. At work in leading Fortune 1000 and government agencies, the names Sourcefire and founder Martin Roesch have grown synonymous with innovation and intelligence in network security.

For more information about Sourcefire, please visit http://www.sourcefire.com.

SOURCEFIRE®, SNORT®, the Sourcefire logo, the Snort and Pig logo, SECURITY FOR THE REAL WORLD™, SOURCEFIRE DEFENSE CENTER™, SOURCEFIRE 3D™, RNA™ and certain other trademarks and logos are trademarks or registered trademarks of Sourcefire, Inc. in the United States and other countries.

Microsoft Outlook is either a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries.