Microsoft Outlook/Exchange TNEF Decoding Remote Code Execution Vulnerability

Vulnerability ID: 1196389
Vulnerability type: Boundary condition error
Published: 2006-01-10
Updated: 2006-02-07
CVE ID: CVE-2006-0002
CNNVD-ID: CNNVD-200601-092
Platform: N/A
CVSS score: 7.5
|Vulnerability Source
https://www.securityfocus.com/bid/16197
https://cxsecurity.com/issue/WLB-2006010020
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200601-092
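|Vulnerability Details
Microsoft Outlook and Exchange are both mail-handling software released by Microsoft. A vulnerability exists in the way Microsoft Outlook and Microsoft Exchange Server decode Transport Neutral Encapsulation Format (TNEF) MIME attachments; an attacker may exploit it to execute arbitrary commands on the machine. An attacker can create a specially crafted TNEF message, and arbitrary code may be executed if a user opens or previews the malicious e-mail message, or if the Microsoft Exchange Server Information Store processes the specially crafted message.
|Vulnerability EXP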
John Heasman and Mark Litchfield of NGSSoftware have discovered a critical vulnerability affecting Microsoft Exchange.  The vulnerable versions include:

Microsoft Exchange Server 5.0 Service Pack 2
Microsoft Exchange Server 5.5 Service Pack 4
Microsoft Exchange 2000 Server Pack 3 with the Post-Service Pack 3 Update Rollup of August 2004

Microsoft Exchange Server 2003 Service Pack 1 and Microsoft Exchange Server 2003 Service Pack 2 are *not* affected.

The vulnerability potentially allows execution of arbitrary code when the Microsoft Exchange Server Information Store processes a specially crafted email message.

The flaw has now been addressed and patches are available from:

http://www.microsoft.com/technet/security/Bulletin/MS06-003.mspx

NGSSoftware are going to withhold details of this flaw for three months. Full details will be published on the 10th April 2006.  This three month window will allow system administrators the time needed to obtain the patch before the details are released to the general public.  This reflects NGSSoftware's approach to responsible disclosure.

http://www.ngssoftware.com/disclosure.pdf

NGSSoftware Insight Security Research
http://www.ngssoftware.com
http://www.databasesecurity.com/
http://www.nextgenss.com/
+44(0)208 401 0070

Mark Litchfield
www.ngssoftware.com
Tel: +44 208 40 100 70
Fax: +44 208 40 100 76
Cell: +1 253 414 4749

|Affected Products
Nortel Networks Self-Service 0
Nortel Networks Passport Multiservice Data Manager (MDM)
Nortel Networks Optivity Telephony Manager for SL-100
Microsoft Outlook 2003 0
|References

Source: US-CERT
Name: TA06-010A
Link: http://www.us-cert.gov/cas/techalerts/TA06-010A.html
Source: US-CERT
Name: VU#252146
Link: http://www.kb.cert.org/vuls/id/252146
Source: BID
Name: 16197
Link: http://www.securityfocus.com/bid/16197
Source: BUGTRAQ
Name: 20060110MicrosoftOutlookCriticalVulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/421520/100/0/threaded
Source: BUGTRAQ
Name: 20060110MicrosoftExchangeCriticalVulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/421518/100/0/threaded
Source: MS
Name: MS06-003
Link: http://www.microsoft.com/technet/security/bulletin/ms06-003.mspx
Source: VUPEN
Name: ADV-2006-0119
Link: http://www.frsirt.com/english/advisories/2006/0119
Source: SECTRACK
Name: 1015461
Link: http://securitytracker.com/id?1015461
Source: SECTRACK
Name: 1015460
Link: http://securitytracker.com/id?1015460
Source: SECUNIA
Name: 18368
Link: http://secunia.com/advisories/18368
Source: support.avaya.com
Link: http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm
Source: XF
Name: win-tnef-overflow(22878)
Link: http://xforce.iss.net/xforce/xfdb/22878
Source: SREASON