Microsoft's email and planning software Outlook 2003 has a vulnerability that can allow a malicious takeover of a users' computer and data, said a network security firm Tuesday.

Open source solutions provider Sourcefire Inc., said that its researchers observed that Outlook did not perform enough data validation when processing .iCal meeting requests, a format used to send meeting requests over the internet.

As technology continues to advance, so do the threats that look for vulnerabilities to exploit, said Matt Watchinksi, Director of the Sourcefire Vulnerability Research Team.

When Outlook opens a specially crafted .iCal meeting request and parses a malformed VEVENT request, it may corrupt system memory in such a way that an attacker could execute arbitrary code and take complete control of an affected system.

An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The firm said that it notified Microsoft about the problem today, and both companies are working to create a solution.

More on the Web:

http://www.snort.org/vrt/advisories/vrt-rules-2007-01-09.html