Microsoft Exchange Collaboration Data Objects Crafted Email Code Execution

2006-05-09T12:47:33
ID OSVDB:25338
Type osvdb
Reporter OSVDB
Modified 2006-05-09T12:47:33

Description

Vulnerability Description

Microsoft Exchange contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered due to an error within the EXCDO (Exchange Collaboration Data Objects) and CDOEX (Collaboration Data Objects for Exchange) functionality when processing iCal and vCal properties in email messages. It is possible that the flaw may allow remote code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.

Short Description

Microsoft Exchange contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered due to an error within the EXCDO (Exchange Collaboration Data Objects) and CDOEX (Collaboration Data Objects for Exchange) functionality when processing iCal and vCal properties in email messages. It is possible that the flaw may allow remote code execution resulting in a loss of integrity.

References:

Security Tracker: 1016048 Secunia Advisory ID:20029 Nessus Plugin ID:21332 Microsoft Security Bulletin: MS06-019 Microsoft Knowledge Base Article: 916803 ISS X-Force ID: 25556 FrSIRT Advisory: ADV-2006-1743 CVE-2006-0027 CERT VU: 303452 Bugtraq ID: 17908