Vulnerabilities > CVE-2006-2386 - Remote Code Execution vulnerability in Microsoft Outlook Express Windows Address Book Contact Record
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file. If a end user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS06-076.NASL |
description | The remote host is running a version of Microsoft Outlook Express that contains a security flaw that may allow an attacker to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to send a malformed HTML email to a victim on the remote host and have him open it. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23835 |
published | 2006-12-12 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23835 |
title | MS06-076: Cumulative Security Update for Outlook Express (923694) |
code |
|
Oval
accepted | 2007-02-20T13:39:28.558-05:00 | ||||||||||||||||||||||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||||||||||
description | Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file. | ||||||||||||||||||||||||||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:1055 | ||||||||||||||||||||||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||||||||||||||||||||||
submitted | 2006-12-13T08:17:04 | ||||||||||||||||||||||||||||||||||||||||||||||||
title | Windows Address Book Contact Record Vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||
version | 70 |
References
- http://secunia.com/advisories/23311
- http://securitytracker.com/id?1017369
- http://www.securityfocus.com/archive/1/454969/100/200/threaded
- http://www.securityfocus.com/bid/21501
- http://www.us-cert.gov/cas/techalerts/TA06-346A.html
- http://www.vupen.com/english/advisories/2006/4969
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-076
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29227
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1055