Vulnerability Name: | CVE-2006-0002 (CCN-22878)
Assigned: | 2005-11-09
Published: | 2006-01-10
Updated: | 2020-04-09
Summary: | Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-noinfo
Vulnerability Consequences: | Gain Access
References: |
Source: MITRE Type: CNA CVE-2006-0002
Source: CCN Type: SA18368 Microsoft Outlook / Exchange TNEF Decoding Arbitrary Code Execution
Source: SECUNIA Type: Patch, Third Party Advisory 18368
Source: SREASON Type: Third Party Advisory 330
Source: SREASON Type: Third Party Advisory 331
Source: CCN Type: SECTRACK ID: 1015460 Microsoft Exchange Buffer Overflow in Processing TNEF Messages Lets Remote Users Execute Arbitrary Code
Source: SECTRACK Type: Patch, Third Party Advisory, VDB Entry 1015460
Source: CCN Type: SECTRACK ID: 1015461 Microsoft Outlook Buffer Overflow in Processing TNEF Messages Lets Remote Users Execute Arbitrary Code
Source: SECTRACK Type: Patch, Third Party Advisory, VDB Entry 1015461
Source: CONFIRM Type: Third Party Advisory http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm
Source: CCN Type: ASA-2006-004 Windows Security Updates for January 2006 - (MS06-002 MS06-003)
Source: CCN Type: Microsoft Security Bulletin MS13-068 Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2756473)
Source: CCN Type: Microsoft Security Bulletin MS14-082 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3017349)
Source: CCN Type: US-CERT VU#252146 Microsoft Outlook and Microsoft Exchange TNEF decoding buffer overflow
Source: CERT-VN Type: Third Party Advisory, US Government Resource VU#252146
Source: CCN Type: Microsoft Security Bulletin MS06-003 Vulnerability in TNEF decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)
Source: CCN Type: Microsoft Security Bulletin MS06-009 Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190)
Source: CCN Type: Microsoft Security Bulletin MS06-012 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413)
Source: CCN Type: Microsoft Security Bulletin MS07-003 Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938)
Source: CCN Type: Microsoft Security Bulletin MS08-015 Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)
Source: CCN Type: Microsoft Security Bulletin MS09-060 Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
Source: CCN Type: Microsoft Security Bulletin MS10-045 Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212)
Source: CCN Type: Microsoft Security Bulletin MS10-064 Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2315011)
Source: BUGTRAQ Type: Third Party Advisory, VDB Entry 20060110 Microsoft Exchange Critical Vulnerability
Source: BUGTRAQ Type: Third Party Advisory, VDB Entry 20060110 Microsoft Outlook Critical Vulnerability
Source: BID Type: Patch, Third Party Advisory, VDB Entry 16197
Source: CCN Type: BID-16197 Microsoft Outlook / Microsoft Exchange TNEF Decoding Remote Code Execution Vulnerability
Source: CERT Type: Patch, Third Party Advisory, US Government Resource TA06-010A
Source: VUPEN Type: Permissions Required ADV-2006-0119
Source: CCN Type: Internet Security Systems Protection Alert January 10, 2006 Malformed TNEF Processing Vulnerability
Source: MS Type: Patch, Vendor Advisory MS06-003
Source: XF Type: Third Party Advisory, VDB Entry win-tnef-overflow(22878)
Source: XF Type: UNKNOWN win-tnef-overflow(22878)
Source: CCN Type: IBM Internet Security Systems X-Force Database Microsoft Windows Knowledge Base Article 902412 update is not installed
Source: OVAL Type: Third Party Advisory oval:org.mitre.oval:def:1082
Source: OVAL Type: Third Party Advisory oval:org.mitre.oval:def:1165
Source: OVAL Type: Third Party Advisory oval:org.mitre.oval:def:1316
Source: OVAL Type: Third Party Advisory oval:org.mitre.oval:def:1456
Source: OVAL Type: Third Party Advisory oval:org.mitre.oval:def:1485
Source: OVAL Type: Third Party Advisory oval:org.mitre.oval:def:624
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable