Ravens PHP Scripts

Outlook Express Address Book Contact Record Vulnerability
Date: Tuesday, December 12, 2006 @ 23:32:39 CST
Topic: Security


SECUNIA ADVISORY ID: SA23311

VERIFY ADVISORY: http://secunia.com/advisories/23311/

CRITICAL: Moderately critical

IMPACT: System access

OPERATING SYSTEM:
Microsoft Windows 2000 Advanced Server - http://secunia.com/product/21/
Microsoft Windows 2000 Datacenter Server - http://secunia.com/product/1177/
Microsoft Windows 2000 Professional - http://secunia.com/product/1/
Microsoft Windows 2000 Server - http://secunia.com/product/20/
Microsoft Windows XP Home Edition - http://secunia.com/product/16/
Microsoft Windows XP Professional - http://secunia.com/product/22/
Microsoft Windows Server 2003 Datacenter Edition - http://secunia.com/product/1175/
Microsoft Windows Server 2003 Enterprise Edition - http://secunia.com/product/1174/
Microsoft Windows Server 2003 Standard Edition - http://secunia.com/product/1173/
Microsoft Windows Server 2003 Web Edition - http://secunia.com/product/1176/

SOFTWARE:
Microsoft Outlook Express 5.5 - http://secunia.com/product/189/
Microsoft Outlook Express 6 - http://secunia.com/product/102/

DESCRIPTION: A vulnerability has been reported in Outlook Express, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a boundary error in the processing of Windows Address Book (.wab) files. It can be exploited to cause a buffer overflow by tricking a user into opening a specially crafted WAB file. Successful exploitation allows execution of arbitrary code.

SOLUTION: Apply patches.

Outlook Express 5.5 SP2 on Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyId=CB0563FB-A05D-4D9D-B269-B5602B09C16A

Outlook Express 6 SP1 on Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyId=1F0432D4-3F45-472E-8C2D-B7B6A879ACB8

Outlook Express 6 on Windows XP SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=560E8778-9733-4719-A565-614FD490C320

Outlook Express 6 on Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/details.aspx?familyid=6BE4F4CE-ABD6-4A38-84A5-8952E3531217

Outlook Express 6 on Windows Server 2003 (optionally with SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=FE358108-15DF-4ED9-B257-01AEB82647DF

Outlook Express 6 on Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=DDE5C141-DE6C-4DD9-8399-6E5DB0DCC574

Outlook Express 6 on Windows Server 2003 for Itanium-based systems (optionally with SP1): http://www.microsoft.com/downloads/details.aspx?familyid=7D3FEA7A-DDC0-4A22-A8B3-D5F46707D017

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: MS06-076 (KB923694): http://www.microsoft.com/technet/security/Bulletin/MS06-076.mspx






This article comes from Ravens PHP Scripts
https://www.ravenphpscripts.com

The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2553