Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
CVSS v2.0 Score
7.5
/ 10.0
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Information
- Published
- 10 janv. 2006
- Updated
- 16 avr. 2026
- Status
- Modified
- Source
- secure@microsoft.com
Affected products
microsoft exchange server
Versions : 5.0, 5.5, 2000
microsoft office
Versions : 2000, 2003, xp
microsoft outlook
Versions : 2000, 2002, 2003
Weaknesses (CWE)
NVD-CWE-noinfo
References (40)
- http://secunia.com/advisories/18368PatchThird Party Advisory
- http://securityreason.com/securityalert/330Third Party Advisory
- http://securityreason.com/securityalert/331Third Party Advisory
- http://securitytracker.com/id?1015460PatchThird Party AdvisoryVDB Entry
- http://securitytracker.com/id?1015461PatchThird Party AdvisoryVDB Entry
- http://support.avaya.com/elmodocs2/security/ASA-2006-004.htmThird Party Advisory
- http://www.kb.cert.org/vuls/id/252146Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/archive/1/421518/100/0/threadedThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/archive/1/421520/100/0/threadedThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/16197PatchThird Party AdvisoryVDB Entry
- http://www.us-cert.gov/cas/techalerts/TA06-010A.htmlPatchThird Party AdvisoryUS Government Resource
- http://www.vupen.com/english/advisories/2006/0119Permissions Required
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22878Third Party AdvisoryVDB Entry
- + 25 more references on NVD
Monitor your products
Get automatic alerts for every new CVE affecting your equipment.