MS06-003 TNEF Decoding vulnerability in Outlook and Exchange
Joshua Hirsh
joshua.hirsh at PARTNERSOLUTIONS.CA
Wed Jan 11 14:18:54 GMT 2006
[ The following text is in the "iso-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Hi List,
MS06-003 was released last night:
"Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution"
http://www.microsoft.com/technet/security/Bulletin/MS06-003.mspx
I can't verify for sure, but I have a feeling that if "Deliver Unparsable TNEF" is set to no, this attack might very well be mitigated, at least until some virus signatures exist.
-Joshua
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list