Check Point Advisories

Block Windows Address Book Contact Record Vulnerability (MS06-076)

Check Point Reference: CPAI-2006-147
Date Published: 13 Dec 2006
Severity: High
Last Updated: Thursday 03 May, 2007
Source: Microsoft Security Bulletin MS06-076
Industry Reference: CVE-2006-2386
Protection Provided by:
Who is Vulnerable?
Microsoft Outlook Express 5.5 SP2 on Windows 2000 SP4
Microsoft Outlook Express 6 SP1 on Windows 2000 SP4
Microsoft Outlook Express 6 on Windows XP SP2
Microsoft Outlook Express 6 on Windows XP Professional x64 Edition
Microsoft Outlook Express 6 on Windows Server 2003
Microsoft Outlook Express 6 on Windows Server 2003 SP1
Microsoft Outlook Express 6 on Windows Server 2003 x64 Edition
Microsoft Outlook Express 6 on Windows Server 2003 (Itanium)
Microsoft Outlook Express 6 on Windows Server 2003 SP1 (Itanium)
Vulnerability Description: A remote code execution vulnerability has been discovered in Microsoft Outlook Express. The vulnerability is due to a buffer overflow error in the Windows Address Book (WAB) functions within Outlook Express. Windows Address Book is an application used for storing contact information. A remote attacker can exploit the vulnerability to execute arbitrary code on a target system.
Update/Patch Available: Apply patches:
Microsoft Security Bulletin MS06-076
Vulnerability Details: An attacker can exploit this vulnerability via a specially crafted '.wab' file. A remote attacker can trigger the flaw by convincing a user to view a specially crafted HTML document containing a malicious '.wab' file. Successful exploitation could allow execution of arbitrary code once the page is loaded.

Protection Overview
