Microsoft Outlook and Microsoft Exchange contain a buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a system running the vulnerable software.
Transport Neutral Encapsulation Format (TNEF)
TNEF is a proprietary Microsoft format for encoding rich text email messages. Microsoft Outlook and Microsoft Exchange support the use of TNEF-encoded messages.
A remote unauthenticated attacker may be able to execute arbitrary code on a system running the vulnerable software. Microsoft Outlook can trigger the vulnerability when it opens or displays a preview for a specially crafted message. Microsoft Exchange can trigger the vulnerability when it processes a specially crafted message.
Apply a patch from your vendor
This vulnerability was reported by Microsoft, who in turn credit John Heasman and Mark Litchfield of NGS Software.
|Date First Published:||2006-01-10|
|Date Last Updated:||2006-01-17 01:26 UTC|