Vulnerability Note VU#303452
Microsoft Exchange fails to properly handle vCal and iCal properties
Microsoft Exchange Server does not properly handle the vCal and iCal properties of email messages. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on an Exchange Server.
Microsoft Exchange Server
Microsoft's Exchange Server supports a number of protocols for handling email, including the Simple Mail Transfer Protocol (SMTP) and SMTP extended verbs as defined by RFC 2821.
A remote, unauthenticated attacker may be able execute arbitrary code on a vulnerable system.
Apply an update
Microsoft has addressed this issue in Microsoft Security Bulletin MS06-019.
Refer to Microsoft Security Bulletin MS06-019 for workarounds for this issue.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||09 May 2006|
CVSS Metrics (Learn More)
This vulnerability was reported in Microsoft Security Bulletin MS06-019.
This document was written by Jeff Gennari based on information provided by Microsoft.
- CVE IDs: CVE-2006-0027
- Date Public: 09 May 2006
- Date First Published: 09 May 2006
- Date Last Updated: 22 Jun 2006
- Severity Metric: 22.27
- Document Revision: 43
If you have feedback, comments, or additional information about this vulnerability, please send us email.