ID CVE-2006-0002
Summary Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:exchange_server:5.0:-:*:*:*:*:*:*
    cpe:2.3:a:microsoft:exchange_server:5.0:-:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:exchange_server:5.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:exchange_server:5.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:exchange_server:5.0:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:exchange_server:5.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*
    cpe:2.3:a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:exchange_server:5.5:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:exchange_server:5.5:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:exchange_server:5.5:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:exchange_server:5.5:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:exchange_server:5.5:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:exchange_server:5.5:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:exchange_server:5.5:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:exchange_server:5.5:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:exchange_server:2000:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:exchange_server:2000:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2003:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2003:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:outlook:2000:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:outlook:2000:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:outlook:2002:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:outlook:2002:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 19-10-2018 - 15:41)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2006-02-22T08:27:00.000-04:00
    class vulnerability
    contributors
    name Robert L. Hollis
    organization ThreatGuard, Inc.
    description Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
    family windows
    id oval:org.mitre.oval:def:1082
    status accepted
    submitted 2006-01-11T12:56:00.000-04:00
    title Exchange 2000 Server TNEF Decoding Vulnerability
    version 63
  • accepted 2012-05-28T04:00:08.768-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Clifford Farrugia
      organization GFI Software
    • name Sharath S
      organization SecPod Technologies
    • name Shane Shaffer
      organization G2, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
    family windows
    id oval:org.mitre.oval:def:1165
    status accepted
    submitted 2006-01-11T12:56:00.000-04:00
    title Outlook 2002 TNEF Decoding Vulnerability
    version 14
  • accepted 2006-02-22T08:27:00.000-04:00
    class vulnerability
    contributors
    name Robert L. Hollis
    organization ThreatGuard, Inc.
    description Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
    family windows
    id oval:org.mitre.oval:def:1316
    status accepted
    submitted 2006-01-11T12:56:00.000-04:00
    title Exchange Server 5.0 TNEF Decoding Vulnerability
    version 3
  • accepted 2012-05-28T04:00:56.833-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Clifford Farrugia
      organization GFI Software
    • name Sharath S
      organization SecPod Technologies
    • name Shane Shaffer
      organization G2, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
    family windows
    id oval:org.mitre.oval:def:1456
    status accepted
    submitted 2006-01-11T12:56:00.000-04:00
    title Outlook 2003 TNEF Decoding Vulnerability
    version 13
  • accepted 2012-05-28T04:01:00.111-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Clifford Farrugia
      organization GFI Software
    • name Shane Shaffer
      organization G2, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
    family windows
    id oval:org.mitre.oval:def:1485
    status accepted
    submitted 2006-01-11T12:56:00.000-04:00
    title Outlook 2000 TNEF Decoding Vulnerability
    version 12
  • accepted 2007-11-13T12:01:20.045-05:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jeff Cheng
      organization Opsware, Inc.
    description Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
    family windows
    id oval:org.mitre.oval:def:624
    status accepted
    submitted 2006-01-11T12:56:00.000-04:00
    title Exchange Server 5.5 TNEF Decoding Vulnerability
    version 64
refmap via4
bid 16197
bugtraq
  • 20060110 Microsoft Exchange Critical Vulnerability
  • 20060110 Microsoft Outlook Critical Vulnerability
cert TA06-010A
cert-vn VU#252146
confirm http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm
ms MS06-003
sectrack
  • 1015460
  • 1015461
secunia 18368
sreason
vupen ADV-2006-0119
xf win-tnef-overflow(22878)
Last major update 19-10-2018 - 15:41
Published 10-01-2006 - 22:03
Last modified 09-04-2020 - 13:29
Back to Top