Microsoft Outlook is an e-mail client which also provides calendar, scheduling, contact management, and information sharing capabilities.
A vulnerability in Microsoft Outlook allows command execution when a user opens an e-mail message containing a specially crafted attachment with the PR_ATTACH_METHOD property set to ATTACH_BY_REFERENCE.
Apply the patch referenced in Microsoft Security Bulletin 10-045.
Exploit works on Microsoft Office Outlook 2007 SP2.
After launching the exploit, download the exploit file onto the specified SMB share. The specified SMB share must be accessible by the target user.