Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0002

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-0002
Last Modified 12 Apr 2011 12:00:00
Published 10 Jan 2006 05:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0002

Summary

Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.

Vulnerable Systems

Application

  • Microsoft Exchange Server 2000

  • Microsoft Exchange Server 5.0

  • Microsoft Exchange Server 5.5

  • Microsoft Office 2000

  • Microsoft Office 2003

  • Microsoft Office Xp

  • Microsoft Outlook 2000

  • Microsoft Outlook 2002

  • Microsoft Outlook 2003


References

CERT - TA06-010A

CERT-VN - VU#252146

BID - 16197

BUGTRAQ - 20060110 Microsoft Outlook Critical Vulnerability

BUGTRAQ - 20060110 Microsoft Exchange Critical Vulnerability

MS - MS06-003

SECTRACK - 1015461

SECTRACK - 1015460

SECUNIA - 18368

XF - win-tnef-overflow(22878)

VUPEN - ADV-2006-0119

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm

SREASON - 331

SREASON - 330


Last Updated: 27 May 2016 10:41:28