TITLE:
Outlook Express Windows Address Book File Vulnerability

SECUNIA ADVISORY ID:
SA19617

VERIFY ADVISORY:
http://secunia.com/advisories/19617/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Microsoft Outlook Express 6
http://secunia.com/product/102/
Microsoft Outlook Express 5.5
http://secunia.com/product/189/

DESCRIPTION:
A vulnerability has been reported in Microsoft Outlook Express, which
can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when parsing
Windows Address Book (.wab) files. This can be exploited to cause a
buffer overflow if a user is tricked into opening a specially crafted
.wab file.

Successful exploitation allows execution of arbitrary code.

SOLUTION:
Apply patches.

Outlook Express 6 on Windows Server 2003 and Windows Server 2003 SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=484DE679-5505-4196-BDD8-F7CF325AF0F5

Outlook Express 6 on Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=A7B10D8F-D9D7-4423-AA6D-C1C41D23794E

Outlook Express 6 on Windows Server 2003 on Itanium-based systems and
Windows Server 2003 with SP1 for Itanium-based systems:
http://www.microsoft.com/downloads/details.aspx?familyid=800BF687-BEE5-478F-A025-43CD16682F31

Outlook Express 6 on Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0DD827BC-6FA1-405A-933E-FB422A4E8096

Outlook Express 6 on Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?familyid=FF772C0B-6F98-449D-B02E-C9C236068172

Outlook Express 6 SP1 on Windows XP SP1 or Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CDA93501-99CB-4F28-BB73-6438CAD081DB

Outlook Express 5.5 SP2 on Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=E61A3D64-14FD-4976-BB03-C31CA6EE61E2

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
* Stuart Pearson
* ATmaCA

ORIGINAL ADVISORY:
MS06-016 (KB911567):
http://www.microsoft.com/technet/security/Bulletin/MS06-016.mspx