Check Point Advisories

Update Protection against a Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange (MS06-003)

Check Point Reference: CPAI-2006-002
Date Published: 11 Jan 2006
Severity: High
Last Updated: Tuesday 08 May, 2007
Source: Microsoft Security Bulletin MS06-003
Industry Reference: CVE-2006-0002
Protection Provided by:
Who is Vulnerable?
Microsoft Exchange Server 5.0
Microsoft Exchange Server 5.5
Microsoft Exchange Server 2000
Microsoft Outlook 2000
Microsoft Outlook 2002
Microsoft Outlook 2003
Vulnerability Description: A vulnerability exists in the way Microsoft Exchange Server and Microsoft Outlook products decode Transport Neutral Encapsulation Format (TNEF) MIME attachments. The TNEF format is used by many Microsoft products, such as Exchange and Outlook, to transfer messages formatted as Rich Text Format (RTF). An attacker can supply a crafted TNEF attachment and take complete control of an affected system.
Vulnerability Status: No exploit has been published so far.
Update/Patch Available: Please review Microsoft Security Bulletin MS06-003 for a complete list of affected products and their patches:
http://www.microsoft.com/technet/security/bulletin/MS06-003.mspx
Vulnerability Details: A vulnerability exists in the component responsible for TNEF decoding in Microsoft Exchange Server and Microsoft Outlook products. These products fail to properly validate several object value sizes in a TNEF attachment. The values describing an object's size, as supplied in a message, are not restricted to a permitted range, so overly large values can be specified.
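The kind of size validation described above, as an added example (not Check Point's or Microsoft's code): a walker that checks each attribute's declared length against the bytes actually remaining before touching the data. The record layout (signature, key, then level, attribute id, length, data, checksum) follows the publicly documented TNEF stream format rather than this advisory, which does not say which size fields were affected; `TNEF_MAX_ATTR`, the function names and the sample bytes are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define TNEF_SIGNATURE 0x223E9F78u /* stored little-endian in the stream */
#define TNEF_MAX_ATTR  (16u << 20) /* assumed per-attribute policy cap (16 MiB) */
enum { TNEF_BAD_HEADER = -1, TNEF_TRUNCATED = -2, TNEF_BAD_LENGTH = -3,
       TNEF_BAD_CHECKSUM = -4 };

/* Constructed samples: one version attribute; sample_big claims 0xFFFFFFFF bytes. */
static const uint8_t sample_ok[] = {0x78,0x9F,0x3E,0x22, 0x01,0x00, 0x01,
    0x06,0x90,0x08,0x00, 0x04,0x00,0x00,0x00, 0x00,0x00,0x01,0x00, 0x01,0x00};
static const uint8_t sample_big[] = {0x78,0x9F,0x3E,0x22, 0x01,0x00, 0x01,
    0x06,0x90,0x08,0x00, 0xFF,0xFF,0xFF,0xFF, 0x00,0x00,0x01,0x00, 0x01,0x00};

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk every attribute record; return the record count or a negative error. */
int tnef_validate(const uint8_t *buf, size_t len) {
    size_t off = 6; /* 4-byte signature + 2-byte key */
    int count = 0;
    if (len < 6 || rd32(buf) != TNEF_SIGNATURE)
        return TNEF_BAD_HEADER;
    while (off < len) {
        if (len - off < 9) /* level (1) + attribute id (4) + length (4) */
            return TNEF_TRUNCATED;
        uint32_t alen = rd32(buf + off + 5);
        off += 9;
        /* Compare with the bytes remaining; computing off + alen could wrap.
           The record also needs 2 trailing checksum bytes. */
        if (alen > TNEF_MAX_ATTR || len - off < 2 || alen > len - off - 2)
            return TNEF_BAD_LENGTH;
        uint16_t sum = 0; /* checksum: 16-bit sum of the data bytes */
        for (uint32_t i = 0; i < alen; i++)
            sum = (uint16_t)(sum + buf[off + i]);
        off += alen;
        if (sum != (uint16_t)(buf[off] | buf[off + 1] << 8))
            return TNEF_BAD_CHECKSUM;
        off += 2;
        count++;
    }
    return count;
}

int main(void) {
    printf("ok=%d big=%d\n", tnef_validate(sample_ok, sizeof sample_ok),
           tnef_validate(sample_big, sizeof sample_big));
    return 0;
}
```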

Protection Overview
