Executive Summary

Informations
Name MS06-076 First vendor Publication 2006-12-12
Vendor Microsoft Last vendor Modification 2006-12-12
Severity (Vendor) Important Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. We recommend that customers should apply the update at the earliest opportunity.

Original Source

Url : http://www.microsoft.com/technet/security/bulletin/ms06-076.mspx?pubDate=2 (...)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1055
 
Oval ID: oval:org.mitre.oval:def:1055
Title: Windows Address Book Contact Record Vulnerability
Description: Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file.
Family: windows Class: vulnerability
Reference(s): CVE-2006-2386
Version: 1
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): Microsoft Outlook Express
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 4

Open Source Vulnerability Database (OSVDB)

Id Description
30821 Microsoft Outlook Express Windows Address Book Contact Record Code Execution

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Windows Address Book file magic detected
RuleID : 9639 - Revision : 14 - Type : FILE-IDENTIFY
2014-01-10 Microsoft Windows Address Book Base64 encoded attachment detected
RuleID : 6413 - Revision : 10 - Type : SERVER-MAIL
2014-01-10 Microsoft Windows Address Book attachment detected
RuleID : 6412 - Revision : 10 - Type : SERVER-MAIL
2015-02-24 Outlook Express WAB file parsing buffer overflow attempt
RuleID : 33198 - Revision : 2 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows Address Book file magic detected
RuleID : 23722 - Revision : 6 - Type : FILE-IDENTIFY
2014-01-10 Outlook Express WAB file parsing buffer overflow attempt
RuleID : 18590 - Revision : 12 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date Description
2006-12-12 Name : Arbitrary code can be executed on the remote host through the email client.
File : smb_nt_ms06-076.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2015-02-24 21:24:59
  • Multiple Updates
2014-02-17 11:45:34
  • Multiple Updates
2014-01-19 21:30:03
  • Multiple Updates
2013-05-11 12:21:57
  • Multiple Updates