Lucene search

[email protected]CVE-2006-0002

HistoryJan 10, 2006 - 10:03 p.m.

CVE-2006-0002

2006-01-1022:03:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2006-0002

microsoft

outlook

exchange

vulnerability

remote code execution

tnef

mime

security

7.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.937 High

EPSS

Percentile

99.1%

JSON

Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.

CPENameOperatorVersion
microsoft:exchange_servermicrosoft exchange servereq5.5
microsoft:officemicrosoft officeeq2003
microsoft:officemicrosoft officeeqxp
microsoft:outlookmicrosoft outlookeq2000
microsoft:outlookmicrosoft outlookeq2003
microsoft:outlookmicrosoft outlookeq2002
microsoft:exchange_servermicrosoft exchange servereq2000
microsoft:exchange_servermicrosoft exchange servereq5.0
microsoft:officemicrosoft officeeq2000

CPE	Name	Operator	Version
microsoft:exchange_server	microsoft exchange server	eq	5.5
microsoft:office	microsoft office	eq	2003
microsoft:office	microsoft office	eq	xp
microsoft:outlook	microsoft outlook	eq	2000
microsoft:outlook	microsoft outlook	eq	2003
microsoft:outlook	microsoft outlook	eq	2002
microsoft:exchange_server	microsoft exchange server	eq	2000
microsoft:exchange_server	microsoft exchange server	eq	5.0
microsoft:office	microsoft office	eq	2000

References

secunia.com/advisories/18368

securityreason.com/securityalert/330

securityreason.com/securityalert/331

securitytracker.com/id?1015460

securitytracker.com/id?1015461

support.avaya.com/elmodocs2/security/ASA-2006-004.htm

www.kb.cert.org/vuls/id/252146

www.securityfocus.com/archive/1/421518/100/0/threaded

www.securityfocus.com/archive/1/421520/100/0/threaded

www.securityfocus.com/bid/16197

www.us-cert.gov/cas/techalerts/TA06-010A.html

www.vupen.com/english/advisories/2006/0119

docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-003

exchange.xforce.ibmcloud.com/vulnerabilities/22878

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1082

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1165

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1316

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1456

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1485

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A624

7.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.937 High

EPSS

Percentile

99.1%

JSON

Related for CVE-2006-0002

checkpoint_advisories3 nessus1 securityvulns2 cert1 prion1