[Fwd: [SA18368] Microsoft Outlook / Exchange TNEF Decoding
Arbitrary Code Execution Vulnerability]
Carl Andrews
carl.andrews at CRACKERBARREL.COM
Tue Jan 10 21:58:00 GMT 2006
Anyone blocking these?
My /etc/mime-magic does not have the ms/tnef and I can not find a
winmail.dat file. Can anyone tell me what I need to add to mime-magic so
I can put these in my filetype.rules ?
Thanks!
Carl
-------- Forwarded Message --------
From: Secunia Security Advisories <sec-adv at secunia.com>
To: carl.andrews at crackerbarrel.com
Subject: [SA18368] Microsoft Outlook / Exchange TNEF Decoding Arbitrary
Code Execution Vulnerability
Date: 10 Jan 2006 21:02:44 -0000
TITLE:
Microsoft Outlook / Exchange TNEF Decoding Arbitrary Code Execution
Vulnerability
SECUNIA ADVISORY ID:
SA18368
VERIFY ADVISORY:
http://secunia.com/advisories/18368/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Microsoft Exchange 2000 Enterprise Server
http://secunia.com/product/42/
Microsoft Exchange 5
http://secunia.com/product/177/
Microsoft Exchange 5.5
http://secunia.com/product/148/
Microsoft Exchange Server 2000
http://secunia.com/product/41/
Microsoft Outlook 2000
http://secunia.com/product/33/
Microsoft Outlook 2002
http://secunia.com/product/34/
Microsoft Outlook 2003
http://secunia.com/product/3292/
DESCRIPTION:
A vulnerability has been reported in Microsoft Outlook / Exchange,
which can be exploited by malicious people to compromise a vulnerable
system.
The vulnerability is caused due to boundary error when decoding the
Transport Neutral Encapsulation Format (TNEF) MIME attachment. This
can be exploited to execute arbitrary code when the user opens or
previews a specially crafted TNEF email message or when the Microsoft
Exchange Server Information Store processes the message.
SOLUTION:
Apply patches.
-- Microsoft Office 2000 Service Pack 3 --
Microsoft Outlook 2000:
http://www.microsoft.com/downloads/details.aspx?FamilyId=64D0336D-F962-4AB1-A724-9F6BA2108CB9
Microsoft Office 2000 MultiLanguage Packs:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2C0FA7C7-91AA-49B4-9731-9E83E3E0823D
Microsoft Outlook 2000 English MultiLanguage Packs:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2C0FA7C7-91AA-49B4-9731-9E83E3E0823D
-- Microsoft Office XP Service Pack 3 --
Microsoft Outlook 2002:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9A85CEBB-0D9A-465D-A4BC-AF501562772D
Microsoft Office XP Multilingual User Interface Packs:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CCA9399A-6DA3-4163-8398-C58DC328182B
-- Microsoft Office 2003 Service Pack 1 and Service Pack 2 --
Microsoft Outlook 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1D156043-B041-4305-8442-3C4E3B832788
Microsoft Office 2003 Multilingual User Interface Packs:
http://www.microsoft.com/downloads/details.aspx?FamilyId=D69554AD-196F-4789-91E5-B2A753EED854
Microsoft Office 2003 Language Interface Packs:
http://www.microsoft.com/downloads/details.aspx?FamilyID=db080de8-8193-4c32-9019-9980ecd6874a
-- Microsoft Exchange Server --
Microsoft Exchange Server 5.0 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0A8DF1C3-ABF9-4A21-9B49-81FA362B251F
Microsoft Exchange Server 5.5 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=EC6BD30E-12DE-4CA1-9432-D2E73AF62427
Microsoft Exchange 2000 Server Pack 3 (with the Exchange 2000
Post-Service Pack 3 Update Rollup of August 2004):
http://www.microsoft.com/downloads/details.aspx?FamilyId=372FF07F-C3CA-4301-8559-9B90344EDC02
Note: Microsoft Exchange Server 2003 SP1/SP2 are not affected.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits John Heasman and Mark Litchfield of NGS Software.
ORIGINAL ADVISORY:
MS06-003 (KB902412):
http://www.microsoft.com/technet/security/Bulletin/MS06-003.mspx
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=carl.andrews%40crackerbarrel.com
----------------------------------------------------------------------
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list