CVE-2006-0002

Vulnerability Description

Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.

CVSS Score

Affected Products

References

• http://secunia.com/advisories/18368PatchThird Party Advisory
• http://securityreason.com/securityalert/330Third Party Advisory
• http://securityreason.com/securityalert/331Third Party Advisory
• http://securitytracker.com/id?1015460PatchThird Party AdvisoryVDB Entry
• http://securitytracker.com/id?1015461PatchThird Party AdvisoryVDB Entry
• http://support.avaya.com/elmodocs2/security/ASA-2006-004.htmThird Party Advisory
• http://www.kb.cert.org/vuls/id/252146Third Party AdvisoryUS Government Resource
• http://www.securityfocus.com/archive/1/421518/100/0/threadedThird Party AdvisoryVDB Entry
• http://www.securityfocus.com/archive/1/421520/100/0/threadedThird Party AdvisoryVDB Entry
• http://www.securityfocus.com/bid/16197PatchThird Party AdvisoryVDB Entry
• http://www.us-cert.gov/cas/techalerts/TA06-010A.htmlPatchThird Party AdvisoryUS Government Resource
• http://www.vupen.com/english/advisories/2006/0119Permissions Required
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-00PatchVendor Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/22878Third Party AdvisoryVDB Entry
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory