Microsoft Outlook Express up to 6 Windows Address Book File memory corruption
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
6.4 | $0-$5k | 0.00 |
A vulnerability has been found in Microsoft Outlook Express up to 6 (Mail Client Software) and classified as critical. This vulnerability affects an unknown part of the component Windows Address Book File Handler. The manipulation with an unknown input leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:
Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file.
The bug was discovered 12/12/2006. The weakness was published 12/12/2006 with Microsoft as MS06-076 as confirmed bulletin (Technet). The advisory is shared for download at microsoft.com. This vulnerability was named CVE-2006-2386 since 05/15/2006. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available.
It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 23835 (MS06-076: Cumulative Security Update for Outlook Express (923694)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins and running in the context l.
Upgrading eliminates this vulnerability. Applying the patch MS06-076 is able to eliminate this problem. The bugfix is ready for download at microsoft.com. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published immediately after the disclosure of the vulnerability. Attack attempts may be identified with Snort ID 9639. In this case the pattern |9C CB CB 8D 13|u|D2 11 91|X|00 C0|OyV|A4|
is used for detection. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 4906.
The vulnerability is also documented in the databases at X-Force (29227) and Tenable (23835). Similar entry is available at 2136.
Product
Type
Vendor
Name
Version
License
Support
- end of life
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 6.4
VulDB Base Score: 7.3
VulDB Temp Score: 6.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
ATT&CK: Unknown
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Nessus ID: 23835
Nessus Name: MS06-076: Cumulative Security Update for Outlook Express (923694)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: MS06-076
Snort ID: 9639
Snort Message: WEB-CLIENT Windows Address Book download attempt
Snort Pattern: 🔍
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
SourceFire IPS: 🔍
ISS Proventia IPS: 🔍
Timeline
05/15/2006 🔍12/12/2006 🔍
12/12/2006 🔍
12/12/2006 🔍
12/12/2006 🔍
12/12/2006 🔍
12/12/2006 🔍
12/12/2006 🔍
12/12/2006 🔍
12/12/2006 🔍
12/13/2006 🔍
12/14/2006 🔍
07/11/2019 🔍
Sources
Vendor: microsoft.comAdvisory: MS06-076
Researcher: http://www.microsoft.com
Organization: Microsoft
Status: Confirmed
CVE: CVE-2006-2386 (🔍)
OVAL: 🔍
X-Force: 29227 - Microsoft Outlook Express Windows Address Book (WAB) buffer overflow, High Risk
SecurityTracker: 1017369
Vulnerability Center: 13310 - [MS06-076] Microsoft Outlook Express Windows Address Book (WAB) Buffer Overflow, Medium
SecurityFocus: 21501 - Microsoft Outlook Express Windows Address Book Contact Record Remote Code Execution Vulnerability
Secunia: 23311 - Outlook Express Address Book Contact Record Vulnerability, Moderately Critical
OSVDB: 30821 - Microsoft Outlook Express Windows Address Book Contact Record Code Execution
Vupen: ADV-2006-4969
See also: 🔍
Entry
Created: 12/14/2006 15:30Updated: 07/11/2019 17:02
Changes: 12/14/2006 15:30 (105), 07/11/2019 17:02 (1)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.