PCWorks: Vulnerability Outlook Express Address Book Contact Record

Thread: PCWorks: Vulnerability Outlook Express Address Book Contact Record

Search this list only Search all lists
PCWorks: Vulnerability Outlook Express Address Book Contact Record
	2006-12-13 08:09:13
TITLE: Outlook Express Address Book Contact Record Vulnerability SECUNIA ADVISORY ID: SA23311 VERIFY ADVISORY: http://secunia.c om/advisories/23311/ CRITICAL: Moderately critical IMPACT: System access WHERE: From remote OPERATING SYSTEM: Microsoft Windows 2000 Advanced Server http://secunia.com/pro duct/21/ Microsoft Windows 2000 Datacenter Server http://secunia.com/p roduct/1177/ Microsoft Windows 2000 Professional http://secunia.com/prod uct/1/ Microsoft Windows 2000 Server http://secunia.com/pro duct/20/ Microsoft Windows XP Home Edition http://secunia.com/pro duct/16/ Microsoft Windows XP Professional http://secunia.com/pro duct/22/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/p roduct/1175/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/p roduct/1174/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/p roduct/1173/ Microsoft Windows Server 2003 Web Edition http://secunia.com/p roduct/1176/ SOFTWARE: Microsoft Outlook Express 5.5 http://secunia.com/pr oduct/189/ Microsoft Outlook Express 6 http://secunia.com/pr oduct/102/ DESCRIPTION: A vulnerability has been reported in Outlook Express, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the processing of Windows Address Book files (.wab) and can be exploited to cause a buffer overflow by tricking a user into opening a specially crafted WAB file. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply patches. Outlook Express 5.5 SP2 on Windows 2000 SP4: http://www.microsof t.com/downloads/details.aspx?FamilyId=CB0563FB-A05D-4D9D-B26 9-B5602B09C16A Outlook Express 6 SP1 on Windows 2000 SP4: http://www.microsof t.com/downloads/details.aspx?FamilyId=1F0432D4-3F45-472E-8C2 D-B7B6A879ACB8 Outlook Express 6 on Windows XP SP2: http://www.microsof t.com/downloads/details.aspx?FamilyId=560E8778-9733-4719-A56 5-614FD490C320 Outlook Express 6 on Windows XP Professional x64 Edition: http://www.microsof t.com/downloads/details.aspx?familyid=6BE4F4CE-ABD6-4A38-84A 5-8952E3531217 Outlook Express 6 on Windows Server 2003 (optionally with SP1): http://www.microsof t.com/downloads/details.aspx?FamilyId=FE358108-15DF-4ED9-B25 7-01AEB82647DF Outlook Express 6 on Windows Server 2003 x64 Edition: http://www.microsof t.com/downloads/details.aspx?FamilyId=DDE5C141-DE6C-4DD9-839 9-6E5DB0DCC574 Outlook Express 6 on Windows Server 2003 for Itanium-based systems (optionally with SP1): http://www.microsof t.com/downloads/details.aspx?familyid=7D3FEA7A-DDC0-4A22-A8B 3-D5F46707D017 PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MS06-076 (KB923694): http://www.microsoft.com/technet/security/Bullet in/MS06-076.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/r ules.htm Contact list owner <owner-pcworksimagicomm.com> Unsubscribing and other changes: http://pcworkers.com =====================================================

[1]

about | contact Other archives ( Real Estate discussion Medical topics )