Vulnerability in TNEF Decoding in Microsoft Outlook

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

eddie5659

Thread Starter
Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,301
Hiya

Sticking this for a week in here, in case no-one goes to Security :)

A remote code execution vulnerability exists in Microsoft Outlook and Microsoft Exchange Server because of the way that it decodes the Transport Neutral Encapsulation Format (TNEF) MIME attachment.

An attacker could exploit the vulnerability by constructing a specially crafted TNEF message that could potentially allow remote code execution when a user opens or previews a malicious e-mail message or when the Microsoft Exchange Server Information Store processes the specially crafted message.

An attacker who successfully exploited this vulnerability could take complete control of an affected system.


Affected Software:

• Microsoft Office 2000 Service Pack 3

Microsoft Office 2000 Software:

• Microsoft Outlook 2000
• Microsoft Office 2000 MultiLanguage Packs
• Microsoft Outlook 2000 English MultiLanguage Packs
• Microsoft Office XP Service Pack 3

Microsoft Office XP Software:

• Microsoft Outlook 2002
• Microsoft Office XP Multilingual User Interface Packs

Note Multilingual User Interface Packs are for non- English packages.

• Microsoft Office 2003 Service Pack 1 and Service Pack 2

Microsoft Office 2003 Software:

• Microsoft Outlook 2003
• Microsoft Office 2003 Multilingual User Interface Packs
• Microsoft Office 2003 Language Interface Packs

Note Multilingual User Interface Packs are for non- English packages


• Microsoft Exchange Server

• Microsoft Exchange Server 5.0 Service Pack 2
• Microsoft Exchange Server 5.5 Service Pack 4
• Microsoft Exchange 2000 Server Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004



http://www.microsoft.com/technet/security/Bulletin/MS06-003.mspx

Regards

eddie
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top