Friday, September 22, 2006

Vulnerable versions of Outlook

Eric Sites here did some quick-and-dirty testing to see which versions of Outlook are vulnerable to the VML exploit. Here’s our current list:

Outlook 2007 12.0.417.1006 – can view VML but apparently not vulnerable
Outlook 2002 – not vulnerable
Outlook 2000 – not vulnerable
Outlook 2003 11.5608.8028 – not vulnerable
Outlook 2003 11.5608.5606 – not vulnerable
Outlook 2003 11.6568.6568 SP2 – not tested
Outlook 2003 11.8010.8036 SP2 – vulnerable

So, ironically, the most-patched version of Outlook 2003 is the one most likely to be at risk.

One mitigation is to turn off the Preview Pane and read all your email in plain text. Or, simply disable VML — easy and quite effective. We’ve done it company-wide ourselves.

Alex Eckelberry