TITLE: Microsoft Outlook / Exchange TNEF Decoding Arbitrary Code Execution Vulnerability SECUNIA ADVISORY ID: SA18368 VERIFY ADVISORY: http://secunia.com/advisories/18368/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Microsoft Exchange 2000 Enterprise Server http://secunia.com/product/42/ Microsoft Exchange 5 http://secunia.com/product/177/ Microsoft Exchange 5.5 http://secunia.com/product/148/ Microsoft Exchange Server 2000 http://secunia.com/product/41/ Microsoft Outlook 2000 http://secunia.com/product/33/ Microsoft Outlook 2002 http://secunia.com/product/34/ Microsoft Outlook 2003 http://secunia.com/product/3292/ DESCRIPTION: A vulnerability has been reported in Microsoft Outlook / Exchange, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to boundary error when decoding the Transport Neutral Encapsulation Format (TNEF) MIME attachment. This can be exploited to execute arbitrary code when the user opens or previews a specially crafted TNEF email message or when the Microsoft Exchange Server Information Store processes the message. SOLUTION: Apply patches. -- Microsoft Office 2000 Service Pack 3 -- Microsoft Outlook 2000: http://www.microsoft.com/downloads/details.aspx?FamilyId=64D0336D-F962-4AB1-A724-9F6BA2108CB9 Microsoft Office 2000 MultiLanguage Packs: http://www.microsoft.com/downloads/details.aspx?FamilyId=2C0FA7C7-91AA-49B4-9731-9E83E3E0823D Microsoft Outlook 2000 English MultiLanguage Packs: http://www.microsoft.com/downloads/details.aspx?FamilyId=2C0FA7C7-91AA-49B4-9731-9E83E3E0823D -- Microsoft Office XP Service Pack 3 -- Microsoft Outlook 2002: http://www.microsoft.com/downloads/details.aspx?FamilyId=9A85CEBB-0D9A-465D-A4BC-AF501562772D Microsoft Office XP Multilingual User Interface Packs: http://www.microsoft.com/downloads/details.aspx?FamilyId=CCA9399A-6DA3-4163-8398-C58DC328182B -- Microsoft Office 2003 Service Pack 1 and Service Pack 2 -- Microsoft Outlook 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=1D156043-B041-4305-8442-3C4E3B832788 Microsoft Office 2003 Multilingual User Interface Packs: http://www.microsoft.com/downloads/details.aspx?FamilyId=D69554AD-196F-4789-91E5-B2A753EED854 Microsoft Office 2003 Language Interface Packs: http://www.microsoft.com/downloads/details.aspx?FamilyID=db080de8-8193-4c32-9019-9980ecd6874a -- Microsoft Exchange Server -- Microsoft Exchange Server 5.0 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=0A8DF1C3-ABF9-4A21-9B49-81FA362B251F Microsoft Exchange Server 5.5 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?FamilyId=EC6BD30E-12DE-4CA1-9432-D2E73AF62427 Microsoft Exchange 2000 Server Pack 3 (with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004): http://www.microsoft.com/downloads/details.aspx?FamilyId=372FF07F-C3CA-4301-8559-9B90344EDC02 Note: Microsoft Exchange Server 2003 SP1/SP2 are not affected. PROVIDED AND/OR DISCOVERED BY: The vendor credits John Heasman and Mark Litchfield of NGS Software. ORIGINAL ADVISORY: MS06-003 (KB902412): http://www.microsoft.com/technet/security/Bulletin/MS06-003.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------