CVE-2006-0002 — Microsoft Exchange Server vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

32.8%

top 3.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Exchange Server Microsoft Office Microsoft Outlook

Timeline

PublishedJan 10

Latest updateMay 1

Description

Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDmicrosoft/exchange_server2000, 5.0, 5.5+2

▶NVDmicrosoft/office2000, 2003, xp+2

▶NVDmicrosoft/outlook2000, 2002, 2003+2

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-pq9r-2xxh-vvh7: Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5↗2022-05-01

▶

CVEList

CVE-2006-0002: Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5↗2006-01-10

▶