CVE-2006-0002

Published: Jan 10, 2006Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.

Affected (16)

Products: Microsoft: Exchange Server, Office, Outlook

3 products

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Microsoft Exchange Server	Version 2000 sp3
Microsoft Exchange Server	Version 5.0
Microsoft Exchange Server	Version 5.0 sp1
Microsoft Exchange Server	Version 5.0 sp2
Microsoft Exchange Server	Version 5.5
Microsoft Exchange Server	Version 5.5 sp1
Microsoft Exchange Server	Version 5.5 sp2
Microsoft Exchange Server	Version 5.5 sp3
Microsoft Exchange Server	Version 5.5 sp4
Microsoft Office	Version 2000 sp3
Microsoft Office	Version 2003 sp1
Microsoft Office	Version 2003 sp2
Microsoft Office	Version xp sp3
Microsoft Outlook	Version 2000 sp3
Microsoft Outlook	Version 2002 sp3
Microsoft Outlook	Version 2003

References (40)

http://secunia.com/advisories/18368

Source: secure@microsoft.com

PatchThird Party Advisory

http://securityreason.com/securityalert/330

Source: secure@microsoft.com

Third Party Advisory

http://securityreason.com/securityalert/331

Source: secure@microsoft.com

Third Party Advisory

http://securitytracker.com/id?1015460

Source: secure@microsoft.com

PatchThird Party AdvisoryVDB Entry

http://securitytracker.com/id?1015461

Source: secure@microsoft.com

PatchThird Party AdvisoryVDB Entry

http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm

Source: secure@microsoft.com

Third Party Advisory

http://www.kb.cert.org/vuls/id/252146

Source: secure@microsoft.com

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/archive/1/421518/100/0/threaded

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/421520/100/0/threaded

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/16197

Source: secure@microsoft.com

PatchThird Party AdvisoryVDB Entry

http://www.us-cert.gov/cas/techalerts/TA06-010A.html

Source: secure@microsoft.com

PatchThird Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2006/0119

Source: secure@microsoft.com

Permissions Required

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-003

Source: secure@microsoft.com

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/22878

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1082

Source: secure@microsoft.com

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1165

Source: secure@microsoft.com

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1316

Source: secure@microsoft.com

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1456

Source: secure@microsoft.com

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1485

Source: secure@microsoft.com

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A624

Source: secure@microsoft.com

Third Party Advisory

http://secunia.com/advisories/18368