Microsoft Outlook/Exchange TNEF解码远程代码执行漏洞(MS06-003)

2006-10-28T00:00:00
ID SSV:307
Type seebug
Reporter Root
Modified 2006-10-28T00:00:00

Description

Microsoft Outlook和Exchange都是微软发布的邮件处理软件。

Microsoft Outlook和Microsoft Exchange Server解码传输中立封装格式(TNEF)MIME附件的方式存在漏洞,攻击者可能利用此漏洞在机器上执行任意指令。

攻击者可以创建特制的TNEF消息,如果用户打开或浏览了恶意的邮件消息或Microsoft Exchange Server Information Store处理了该特制消息的话,就可能执行任意代码。

Microsoft Exchange Server 5.5 Microsoft Exchange Server 5.0 Microsoft Exchange Server 2000 Microsoft Office XP MUI Microsoft Office 2003 MUI Microsoft Office 2003 LIP Microsoft Office 2000 MUI Microsoft Outlook 2003 Microsoft Outlook 2002 Microsoft Outlook 2000

Microsoft已经为此发布了一个安全公告(MS06-003)以及相应补丁: MS06-003:Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412) 链接:http://www.microsoft.com/technet/security/Bulletin/MS06-003.mspx