Check Point Advisories

Update Protection against Microsoft Exchange Vulnerability (MS06-019)

Check Point Reference: CPAI-2006-042
Date Published: 9 May 2006
Severity: Critical
Last Updated: Monday 07 May, 2007
Source: Microsoft Security Bulletin MS06-019
Industry Reference:CVE-2006-0027
Protection Provided by:
Who is Vulnerable? Microsoft Exchange Server 2000 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004(870540)
Microsoft Exchange Server 2003 Service pack 1 and Service Pack 2
Vulnerability Description A vulnerability exists in Microsoft Exchange Server that could allow an attacker to take complete control of the affected system. To exploit the vulnerability, an attacker would have to construct a specially crafted message that could potentially allow remote code execution when an Exchange Server processes an email with certain MIME vCal or iCal properties. vCal and iCal are  MIME content types used by Microsoft Exchange Server and email clients when sending and exchanging information related to calendars and scheduling.
Update/Patch AvaliableApply patches:
Microsoft Security Bulletin MS06-019
Vulnerability DetailsThe vulnerability specifically exists in the EXCDO and CDOEX functionality provided with Exchange server. Collaboration Data Objects for Exchange (CDOEX) and Exchange Collaboration Data Objects (EXCDO) are interfaces that allow for certain types of information to be processed in the Exchange store.These interfaces do not properly process certain iCAL and vCAL properties, which are MIME content types provided in email messages.

Protection Overview

This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.