cbcvebase.
CVE-2006-0027
published 2006-05-10

CVE-2006-0027: Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal…

PriorityP262high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
78.68%
99.5th percentile
Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.

Affected

2 ranges
VendorProductVersion rangeFixed in
microsoftexchange_server
microsoftexchange_server

Detection & IOCsextracted from sources · hover to see the quote

otherMODPROP
  • Inspect inbound e-mail messages for crafted vCal or iCal Calendar properties, which are the attack vector for this vulnerability.
  • Look for VCAL requests containing multiple malformed MODPROP values arriving over SMTP, indicative of heap overflow exploitation attempts against Microsoft Exchange.
  • ·The vulnerability is described as 'unspecified', meaning the exact triggering conditions beyond crafted vCal/iCal properties are not publicly detailed, which may limit precise signature development.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.