| Vulnerability Name: | CVE-2006-0014 (CCN-25535) | ||||||||||||||||||||||||||||||||
| Assigned: | 2005-11-09 | ||||||||||||||||||||||||||||||||
| Published: | 2006-04-11 | ||||||||||||||||||||||||||||||||
| Updated: | 2018-10-19 | ||||||||||||||||||||||||||||||||
| Summary: | Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values. | ||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||
| References: | Source: CCN Type: Full-Disclosure Mailing List, Tue Apr 11 2006 - 12:53:05 CDT ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability Source: MITRE Type: CNA CVE-2006-0014 Source: FULLDISC Type: UNKNOWN 20060411 ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability Source: CCN Type: SA19617 Outlook Express Windows Address Book File Vulnerability Source: SECUNIA Type: Patch, Vendor Advisory 19617 Source: SREASON Type: UNKNOWN 691 Source: CCN Type: SECTRACK ID: 1015898 Microsoft Outlook Express Buffer Overflow in Processing Windows Address Books Lets Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1015898 Source: CCN Type: ASA-2006-079 Windows Security Updates for April 2006 - (MS06-013 - MS06-017) Source: CCN Type: Microsoft Security Bulletin MS06-016 Cumulative Security Updates for Outlook Express (911567) Source: CCN Type: Microsoft Security Bulletin MS06-076 Cumulative Security Update for Outlook Express (923694) Source: CCN Type: Microsoft Security Bulletin MS07-034 Cumulative Security Update for Outlook Express and Windows Mail (929123) Source: CCN Type: Microsoft Security Bulletin MS07-056 Security Update for Outlook Express and Windows Mail (941202) Source: CCN Type: Microsoft Security Bulletin MS08-048 Security Update for Outlook Express and Windows Mail (951066) Source: CCN Type: Microsoft Security Bulletin MS10-030 Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542) Source: BUGTRAQ Type: UNKNOWN 20060411 ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability Source: BID Type: UNKNOWN 17459 Source: CCN Type: BID-17459 Microsoft Outlook Express Windows Address Book File Parsing Buffer Overflow Vulnerability Source: VUPEN Type: UNKNOWN ADV-2006-1321 Source: MISC Type: Vendor Advisory http://www.zerodayinitiative.com/advisories/ZDI-06-007.html Source: MS Type: UNKNOWN MS06-016 Source: XF Type: UNKNOWN outlook-express-wab-bo(25535) Source: XF Type: UNKNOWN outlook-express-wab-bo(25535) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1611 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1682 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1769 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1771 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1780 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1791 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:812 Source: CCN Type: ZDI-06-007 Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability | ||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||