MS06-003 TNEF Decoding vulnerability in Outlook and Exchange

Joshua Hirsh joshua.hirsh at PARTNERSOLUTIONS.CA
Wed Jan 11 14:18:54 GMT 2006


    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi List,

 MS06-003 was released last night:
	"Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution"
	http://www.microsoft.com/technet/security/Bulletin/MS06-003.mspx


 I can't verify for sure, but I have a feeling that if "Deliver Unparsable TNEF" is set to no, this attack might very well be mitigated, at least until some virus signatures exist.

 

-Joshua

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!



More information about the MailScanner mailing list