5.1 - MS06-016

Executive Summary

Informations
Name	MS06-016	First vendor Publication	N/A
Vendor	Microsoft	Last vendor Modification	N/A
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Cvss Base Score	5.1	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	High
Cvss Expoit Score	4.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cumulative Security Update for Outlook Express (911567)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1611

Oval ID:	oval:org.mitre.oval:def:1611
Title:	Microsoft Outlook Express 6 (XP,SP2) WAB Remote Code Execution Vulnerability
Description:	Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-0014	Version:	9
Platform(s):	Microsoft Windows XP	Product(s):	Microsoft Outlook Express
Definition Synopsis:
Windows XP is installed AND Win2K/XP/2003/Vista/2008 service pack 2 is installed AND Microsoft Outlook Express 6 for Windows XP/2003 is installed AND the version of inetcomm.dll is less than 6.0.2900.2869

Definition Id: oval:org.mitre.oval:def:1682

Oval ID:	oval:org.mitre.oval:def:1682
Title:	Microsoft Outlook Express 6,SP1 WAB Remote Code Execution Vulnerability
Description:	Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-0014	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP	Product(s):	Microsoft Outlook Express
Definition Synopsis:
Windows XP,SP1 32-bit or Win2K,SP4 is installed Windows XP,SP1 32-bit is installed Windows XP is installed AND Win2K/XP/2003 service pack 1 is installed AND NOT 64-Bit version of Windows is installed OR Windows 2000 Service Pack 4 (or later) is installed Windows 2000 is installed AND Win2K/XP/2003 service pack 4 (or later) is installed AND Microsoft Outlook Express 6 SP1 is installed AND the version of inetcomm.dll is less than 6.0.2800.1807

Definition Id: oval:org.mitre.oval:def:1769

Oval ID:	oval:org.mitre.oval:def:1769
Title:	Microsoft Outlook Express 6 (64-bit XP) WAB Remote Code Execution Vulnerability
Description:	Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-0014	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Outlook Express
Definition Synopsis:
Windows XP is installed AND a version of Windows for the ia64 architecture is installed AND Microsoft Outlook Express 6 for Windows XP/2003 is installed AND the version of inetcomm.dll is less than 6.0.3790.2663

Definition Id: oval:org.mitre.oval:def:1771

Oval ID:	oval:org.mitre.oval:def:1771
Title:	Microsoft Outlook Express 6 (S03-Gold, Itanium) WAB Remote Code Execution Vulnerability
Description:	Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-0014	Version:	8
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Outlook Express
Definition Synopsis:
Windows Server 2003 is installed AND NOT Win2K/XP/2003 is patched AND a version of Windows for the ia64 architecture is installed AND Microsoft Outlook Express 6 for Windows XP/2003 is installed AND the version of inetcomm.dll is less than 6.0.3790.504

Definition Id: oval:org.mitre.oval:def:1780

Oval ID:	oval:org.mitre.oval:def:1780
Title:	Microsoft Outlook Express 5.5 WAB Remote Code Execution Vulnerability
Description:	Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-0014	Version:	2
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Outlook Express
Definition Synopsis:
Microsoft Outlook Express 5.5 is installed AND the version of inetcomm.dll is less than 5.50.4963.1700

Definition Id: oval:org.mitre.oval:def:1791

Oval ID:	oval:org.mitre.oval:def:1791
Title:	Microsoft Outlook Express 6 (S03,SP1) WAB Remote Code Execution Vulnerability
Description:	Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-0014	Version:	7
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Outlook Express
Definition Synopsis:
Windows Server 2003 is installed AND Win2K/XP/2003/Vista service pack 1 is installed AND Microsoft Outlook Express 6 for Windows XP/2003 is installed AND the version of inetcomm.dll is less than 6.0.3790.2663

Definition Id: oval:org.mitre.oval:def:812

Oval ID:	oval:org.mitre.oval:def:812
Title:	Microsoft Outlook Express 6 (S03-Gold) WAB Remote Code Execution Vulnerability
Description:	Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-0014	Version:	9
Platform(s):	Microsoft Windows Server 2003	Product(s):	Microsoft Outlook Express
Definition Synopsis:
Windows Server 2003 is installed AND NOT Win2K/XP/2003 is patched AND NOT a version of Windows for the ia64 architecture is installed AND Microsoft Outlook Express 6 for Windows XP/2003 is installed AND the version of inetcomm.dll is less than 6.0.3790.2663

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Outlook Express cpe:2.3:a:microsoft:outlook_express:6.0:::::::* cpe:2.3:a:microsoft:outlook_express:6.0:sp1:::::: cpe:2.3:a:microsoft:outlook_express:5.5:sp2:::::: cpe:2.3:a:microsoft:outlook_express:5.5:::::::* cpe:2.3:a:microsoft:outlook_express:5.5:sp1::::::	5

Open Source Vulnerability Database (OSVDB)

Id	Description
24519	Microsoft Outlook Express Windows Address Book (.wab) Processing Overflow

Snort® IPS/IDS

Date	Description
2014-01-10	Microsoft Windows Address Book Base64 encoded attachment detected RuleID : 6413 - Revision : 10 - Type : SERVER-MAIL
2014-01-10	Microsoft Windows Address Book attachment detected RuleID : 6412 - Revision : 10 - Type : SERVER-MAIL
2015-02-24	Outlook Express WAB file parsing buffer overflow attempt RuleID : 33198 - Revision : 2 - Type : OS-WINDOWS
2014-01-10	Outlook Express WAB file parsing buffer overflow attempt RuleID : 18590 - Revision : 12 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date	Description
2006-04-11	Name : Arbitrary code can be executed on the remote host through the email client. File : smb_nt_ms06-016.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2015-02-24 21:24:59	Multiple Updates
2014-02-17 11:45:21	Multiple Updates
2014-01-19 21:29:58	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	7
CPE ID(s)	5
osvdb(s)	1
Snort® Rule(s)	4
Nessus® Exploit(s)	1

	Related
5.1	CVE-2006-0014
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0542s

Facebook rss twitter linkedin mail