CVE-2006-0002

Severity

75%

Complexity

99%

Confidentiality

106%

Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.

Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Microsoft

First reported 19 years ago

2006-01-10 22:03:00

Last updated 4 years ago

2020-04-09 13:29:00

Affected Software

Microsoft Exchange Server 5.0

5.0

Microsoft Exchange Server 5.0 Service Pack 1

5.0

Microsoft Exchange Server 5.0 Service Pack 2

5.0

Microsoft Exchange Server 5.5

5.5

Microsoft Exchange Server 5.5 Service Pack 1

5.5

Microsoft Exchange Server 5.5 Service Pack 2

5.5

Microsoft Exchange Server 5.5 Service Pack 3

5.5

Microsoft Exchange Server 5.5 Service Pack 4

5.5

Microsoft Exchange Server 2000 Service Pack 3

2000

Microsoft Office 2000 sp3

2000

Microsoft Office 2003 sp1

2003

Microsoft Office 2003 sp2

2003

Microsoft Office XP Service Pack 3

xp

Microsoft Outlook 2000 sp3

2000

Microsoft Outlook 2002 Service Pack 3

2002

Microsoft Outlook 2003

2003

References

18368

Patch, Third Party Advisory

330

Third Party Advisory

331

Third Party Advisory

1015460

Patch, Third Party Advisory, VDB Entry

1015461

Patch, Third Party Advisory, VDB Entry

http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm

Third Party Advisory

VU#252146

Third Party Advisory, US Government Resource

20060110 Microsoft Exchange Critical Vulnerability

Third Party Advisory, VDB Entry

20060110 Microsoft Outlook Critical Vulnerability

Third Party Advisory, VDB Entry

16197

Patch, Third Party Advisory, VDB Entry

TA06-010A

Patch, Third Party Advisory, US Government Resource

ADV-2006-0119

Permissions Required

MS06-003

Patch, Vendor Advisory

win-tnef-overflow(22878)

Third Party Advisory, VDB Entry

oval:org.mitre.oval:def:1082

Third Party Advisory

oval:org.mitre.oval:def:1165

Third Party Advisory

oval:org.mitre.oval:def:1316

Third Party Advisory

oval:org.mitre.oval:def:1456

Third Party Advisory

oval:org.mitre.oval:def:1485

Third Party Advisory

oval:org.mitre.oval:def:624

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.