CVE-2006-1305 - Resource Management Errors vulnerability in Microsoft Office and Outlook
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 6 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS07-003.NASL |
description | The remote host is running a version of Outlook or Exchange that is vulnerable to a bug in the VEVENT record handling routine that could allow an attacker to execute arbitrary code on the remote host by sending a specially crafted email. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23999 |
published | 2007-01-09 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23999 |
title | MS07-003: Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938) |
Oval
accepted | 2012-05-28T04:00:16.572-04:00 |
class | vulnerability |
description | Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers. |
family | windows |
id | oval:org.mitre.oval:def:122 |
status | accepted |
submitted | 2007-01-10T02:08:37 |
title | Microsoft Outlook Denial of Service Vulnerability |
version | 7 |
References
- http://blogs.securiteam.com/index.php/archives/347
- http://linuxbox.org/pipermail/funsec/2006-March/005208.html
- http://osvdb.org/ref/24/24081-outlook1.txt
- http://secunia.com/advisories/23674
- http://securitytracker.com/id?1017488
- http://www.kb.cert.org/vuls/id/617436
- http://www.osvdb.org/31253
- http://www.securityfocus.com/archive/1/457274/100/0/threaded
- http://www.securityfocus.com/bid/21937
- http://www.us-cert.gov/cas/techalerts/TA07-009A.html
- http://www.vupen.com/english/advisories/2007/0104
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-003
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A122