ID CVE-2006-0027
Summary Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.
References
Vulnerable Configurations
  • Microsoft Exchange Server 2000 Service Pack 3
    cpe:2.3:a:microsoft:exchange_server:2000:sp3
  • Microsoft Exchange Server 2003 Service Pack 1
    cpe:2.3:a:microsoft:exchange_server:2003:sp1
  • Microsoft Exchange Server 2003 Service Pack 2
    cpe:2.3:a:microsoft:exchange_server:2003:sp2
CVSS
Base: 7.5 (as of 10-05-2006 - 10:47)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
metasploit via4
description This module triggers a heap overflow vulnerability in MS Exchange that occurs when multiple malformed MODPROP values occur in a VCAL request.
id MSF:AUXILIARY/DOS/WINDOWS/SMTP/MS06_019_EXCHANGE
last seen 2019-03-18
modified 2017-07-24
published 2007-05-01
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/windows/smtp/ms06_019_exchange.rb
title MS06-019 Exchange MODPROP Heap Overflow
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS06-019.NASL
description The remote host is running a version of Exchange that is vulnerable to a bug in the vCal or iCal attachment handling routine that could allow an attacker execute arbitrary code on the remote host by sending a specially crafted email.
last seen 2019-02-21
modified 2018-11-15
plugin id 21332
published 2006-05-09
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=21332
title MS06-019: Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803)
oval via4
  • accepted 2008-05-05T04:00:14.118-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Clifford Farrugia
      organization GFI Software
    description Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.
    family windows
    id oval:org.mitre.oval:def:1818
    status accepted
    submitted 2006-05-10T03:16:00.000-04:00
    title Exchange 2000,SP4 Calendar Vulnerability
    version 7
  • accepted 2008-05-05T04:00:15.037-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Clifford Farrugia
      organization GFI Software
    description Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.
    family windows
    id oval:org.mitre.oval:def:1996
    status accepted
    submitted 2006-05-10T03:16:00.000-04:00
    title Exchange 2003,SP2 Calendar Vulnerability
    version 7
  • accepted 2008-05-05T04:00:16.084-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Clifford Farrugia
      organization GFI Software
    description Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.
    family windows
    id oval:org.mitre.oval:def:2035
    status accepted
    submitted 2006-05-10T03:16:00.000-04:00
    title Exchange 2003,SP1 Calendar Vulnerability
    version 7
refmap via4
bid 17908
cert TA06-129A
cert-vn VU#303452
ms MS06-019
osvdb 25338
sectrack 1016048
secunia 20029
vupen ADV-2006-1743
xf exchange-calendar-code-execution(25556)
Last major update 15-04-2011 - 00:00
Published 09-05-2006 - 22:10
Last modified 12-10-2018 - 17:38
Back to Top