Lucene search

[email protected]CVE-2006-1305

HistoryDec 31, 2006 - 5:00 a.m.

CVE-2006-1305

2006-12-3105:00:00

CWE-399

[email protected]

web.nvd.nist.gov

microsoft outlook

denial of service

memory exhaustion

cve-2006-1305

nvd

email security

6.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.26 Low

EPSS

Percentile

96.7%

JSON

Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.

CPENameOperatorVersion
microsoft:outlookmicrosoft outlookeq2000
microsoft:officemicrosoft officeeq2000
microsoft:officemicrosoft officeeqxp
microsoft:outlookmicrosoft outlookeq2002
microsoft:outlookmicrosoft outlookeq2003
microsoft:officemicrosoft officeeq2003

CPE	Name	Operator	Version
microsoft:outlook	microsoft outlook	eq	2000
microsoft:office	microsoft office	eq	2000
microsoft:office	microsoft office	eq	xp
microsoft:outlook	microsoft outlook	eq	2002
microsoft:outlook	microsoft outlook	eq	2003
microsoft:office	microsoft office	eq	2003

References

blogs.securiteam.com/index.php/archives/347

linuxbox.org/pipermail/funsec/2006-March/005208.html

osvdb.org/ref/24/24081-outlook1.txt

secunia.com/advisories/23674

securitytracker.com/id?1017488

www.kb.cert.org/vuls/id/617436

www.osvdb.org/31253

www.securityfocus.com/archive/1/457274/100/0/threaded

www.securityfocus.com/bid/21937

www.us-cert.gov/cas/techalerts/TA07-009A.html

www.vupen.com/english/advisories/2007/0104

docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-003

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A122

6.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.26 Low

EPSS

Percentile

96.7%

JSON

Related for CVE-2006-1305

prion1 cert1 securityvulns2 nessus1