Vulnerability Name: | CVE-2006-2055 (CCN-26118) | ||||||||
Assigned: | 2006-04-26 | ||||||||
Published: | 2006-04-26 | ||||||||
Updated: | 2018-10-18 | ||||||||
Summary: | Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. Note: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Obtain Information | ||||||||
References: | Source: MITRE Type: CNA CVE-2006-2055 Source: MITRE Type: CNA CVE-2006-2056 Source: MITRE Type: CNA CVE-2006-2057 Source: MITRE Type: CNA CVE-2006-2058 Source: CCN Type: Inge Henrikson's Technology Blog, Monday, April 24, 2006 Office 2003 file attachment exploit Source: MISC Type: UNKNOWN http://ingehenriksen.blogspot.com/2006/04/office-2003-file-attachment-exploit.html Source: CCN Type: SA19819 Microsoft Office 2003 "mailto:" Automatic Attachment of Arbitrary Files Source: SECUNIA Type: UNKNOWN 19819 Source: OSVDB Type: UNKNOWN 25003 Source: CCN Type: OSVDB ID: 25003 Microsoft Office mailto: Arbitrary File Access Source: CCN Type: OSVDB ID: 31331 Microsoft IE mailto: Handler Arbitrary Command-Line Argument Modification Source: CCN Type: OSVDB ID: 44999 Avant Browser mailto: Scheme Handler Command Line Argument Injection Source: CCN Type: OSVDB ID: 45000 Mozilla Firefox mailto: Scheme Handler Command Line Argument Injection Source: BUGTRAQ Type: UNKNOWN 20060424 Multiple browsers Windows mailto protocol Office 2003 file attachment exploit Source: VUPEN Type: UNKNOWN ADV-2006-1538 Source: XF Type: UNKNOWN office-mailto-obtain-information(26118) Source: XF Type: UNKNOWN office-mailto-obtain-information(26118) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |